Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

webleyson's avatar

losing session data with custom guard

I have a multi auth system, using a custom guard, 'Providers'. The system logs in but on refresh, logs out. After logging in the https changed from green in Chrome to grey. You can see it here - https://babapp.co.uk/provider/login user: [email protected] pass: password

My auth.php file has this

 'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],a
    'provider' => [
        'driver' => 'session',
        'provider' => 'providers',
    ],
],

and

 'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],
    'providers' => [
        'driver' => 'eloquent',
        'model' => App\Provider::class,
    ],
 ],

ProviderLoginController.php has this

public function __construct()
    {
        $this->middleware('guest:provider', ['except'=>['logout']]);
}

All looks fine.

On the server, the session file for my custom guard login has different permissions to to laravel normal users login.

The user and group are the same, where as all other files have the www-data group and my linux user...

Could this be the issue?

Have also changed the session driver to database and the session is created but doesn't save a user_id for the session.

Not sure if this is a permissions problem or a middleware problem.. Any help greatly appreciated!

Thanks.

0 likes
3 replies
jlrdw's avatar

the session file for my custom guard login has different permissions to to laravel normal users login.

Permissions have to be correct. I would first just test session persisting by a simple test:

Try setting something in session and see if that persist, like

Have this use statement

use Illuminate\Support\Facades\Session;

and in a method

Session::put('mytest', 'hello');

and try it on another page

echo Session::get('mytest');

If that works then you need to dig through your code a little at a time to narrow down the culprit.

Again, first get all permissions set correctly.

webleyson's avatar

Hi. Turns out I had a ViewComposer running that checked the logged in user had an one to many association with a model. It was checking my custom guard, admin users too. So if no association, log out the user!

Unbelievable!

Cronix's avatar

The reason why the SSL icon changes from green (on the login page) to grey (in the app once logged in) is because you are loading some images that are using http instead of https.

one is coming from http://placehold.it/45x45

All images, css, scripts, etc, need to be loaded using https on https pages, or it isn't "secure."

I see a lot of your js scripts aren't loading either causing errors in the js console.

Please or to participate in this conversation.