Level 5
Well, this won't help a lot, but I'm having the exact same problem as you. I've spent many hours figuring what's causing this without any luck. So, if you find a solution let me know!
Nov 2, 2016
4
Level 1
Laravel 5.2 recreates a session every time in our production server
Hi! As I said in the title Laravel makes a new session every time I make a get/post on the server. The sessions are stored in files and they are created fine so it is not a permission problem. The strange thing is that it works on two different development environments and we tried it on a digital ocean server and it works there too. We can't move to another server because we have everything connected with this one and we try to keep it here at least of a while mainly because it is more cheap and is in Denmark (All our current requests are made from Denmark). I spent over a week trying to figure out what is wrong and all I was able to get is that Laravel sends the TokenMismatchException in VerifyCsrfToken.php line 67 because the tokens are different. I can see in the storage folder that two different sessions files are created. Do you have any idea what can be the issue? I am thinking about a server configuration issue but I don't know what exactly so I can't write a message to the support team. I don't think it is a code error since it works on 3 different machines. Any kind of help will be great. Best regards, Alex!
Level 1
The only solution that I found for now is to move to another server but I'm trying to avoid that.
Level 1
Hey @__gregory I found a solution for my issue. I was using Laravel 5.1 and creating a new project with Laravel 5.3 apparently fixed the issue. You should try that if you are on an older version of Laravel.
Level 7
Hi @AlexandruDraghi,
Generally that happen when you environnement is set in Https and your cookie is set to secure only. If the redirect from http to https become after the session midleweare on laravel that create always a new session because the cookie was not found, same for csrf token.
Two different solutions :
- Create the redirect from http to https on nginx config
- Put the redirect from http to https of the top of your midleweare.
If is not that. It's possible you are behind a varnish and it not provide you the laravel_session cookie.
I hope this sentence can help you.
Regards, Eric.
1 like
Please or to participate in this conversation.