Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi All,
When I'm trying to execute the following test in L7, it gives RuntimeException: Session store not set on request.
/** @test */
public function user_can_login_with_correct_credentials() {
$this->withoutExceptionHandling();
$user = factory(User::class)->create();
$response = $this->post('/login', [
'email' => $user->email,
'password' => 'password',
]);
$response->assertRedirect('/home');
$this->assertEquals(200, $response->getStatusCode());
$this->assertAuthenticatedAs($user);
}
Am I missing any of the settings in my test case?
Regards,
Saneesh.
@saneesh and does everything works through the browser?
Did you removed anything from the RouteServiceProvider like the web middleware which is applied to the web.php file?
How does your phpunit.xml file looks like, or are you overriding any settings using the .env.testing file?
Missing:
<server name="SESSION_DRIVER" value="array"/>
from the phpunit.xml file while not providing any default from the session.php config?
Those are parts that I would check :)
Thank you for your reply! I didn't changed anything.
SESSION_DRIVER is already there.
I don't have .env.testing file
web.php looks like :
Route::get('/', function () {
return view('welcome');
});
Auth::routes();
Route::get('/home', 'HomeController@index')->name('home');
Note: to avoid the CSRF issue I have used the trait WithoutMiddleware, is that is the problem? if so, how can avoid the CSRF issue?
@saneesh take a look at the big block note here: https://laravel.com/docs/7.x/csrf#csrf-excluding-uris
It says clearly that CSRF is automatically disabled while running tests. So yes, that is a problem I believe.
But, if i remove use WithoutMiddleware; it shows the following error:
Tests: 1 failed
Illuminate\Session\TokenMismatchException
CSRF token mismatch.
@saneesh in your phpunit.xml file there is a <php> node, add this:
<server name="APP_ENV" value="testing"/>
or create your own .env.testing file and put different variables then the ones in .env:
<php>
<server name="APP_ENV" value="testing"/>
<server name="BCRYPT_ROUNDS" value="4"/>
<server name="CACHE_DRIVER" value="array"/>
<server name="DB_CONNECTION" value="sqlite"/>
<server name="DB_DATABASE" value=":memory:"/>
<server name="MAIL_MAILER" value="array"/>
<server name="QUEUE_CONNECTION" value="sync"/>
<server name="SESSION_DRIVER" value="array"/>
</php>
This is my phpunit.xml
When I execute dd(env('APP_ENV')) in my test case it shows as testing
Then I tried the code in https://github.com/laravel/framework/issues/13374#issuecomment-239600163 also.
But nothing helps
Is there any other way to test the login? I mean by changing the code in the test case.
Is this a Unit or a Feature test?
Are you extending from:
use PHPUnit\Framework\TestCase;
or
use tests\TestCase;
one is PHPUnit and the other one bootstraps the Laravel app, so make sure you use the second one.
And btw, why you have withoutExceptionHandling in your test?
I'm using use Tests\TestCase;
withoutExceptionHandling() to check if some exceptions happened I have added it.
In between I have tried with but that also not worked
$response = $this->json('POST', '/login', [
'email' => $user->email,
'password' => 'password',
]);
Now it is working with the old code after adding the code in https://github.com/laravel/framework/issues/13374#issuecomment-239600163
I have cleared everything with this command php artisan clear-compiled && php artisan config:clear && php artisan cache:clear && php artisan view:clear && php artisan route:clear && sudo composer dump-autoload && php artisan optimize
Thank you so much for your help to shed light to different areas I need to check!
Hey
I have been facing this problem too and, to solve it, I used a little bit of ChatGPT and Previous Knowledge on Laravel. Well, in my case, I wanted to test a route to register an User. The code below solved my problem:
public function testCreateUserFails()
{
Session::start();
$response = $this->post(route('create_user'), [
"name" => "Leonardo",
"email" => "[email protected]",
"password" => '123',
"_token" => csrf_token()
], [
"XSRF-TOKEN" => csrf_token(),
"_token" => csrf_token()
]);
$response->assertRedirect('/dashboard');
}
Well, to do that, I need to simulate the default behaviour of laravel when it recieves a request from a form with @csrf annotation. So, I need to inject the "_token" inside the payload and generate a token using csrf_token. Then, I need to set the header "XSRF-TOKEN". I think that it is used to determine the origin of the request. At some point, laravel saves an XSRF-TOKEN and every request to laravel sends it again. If you don't send it when you make a request, it'll send a 419 Page Expired. Besides, If you try to simulate it, but send a wrong token inside the request payload, laravel will throw an 500 status code response CSRF Token mismatch. I think that It should be equal to the token sent on the header. It must be unique and exclusive to each client, otherwise It would not be helpful to identification propuses
I'm not sure about all I've explained, but I got this idea while trying to solve this problem. Hope it helps you.
Please or to participate in this conversation.