Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Guido's avatar
Guido
OP
4 years ago
Level 2

Problem: Auth session is not persisted

Hey guys, I having an issue with my auth session. Every time I redirect or reload the page, the user is logged out again. I give you an example:

Route::get('/test', function() {
    dump(Auth::check()); // false

    Auth::loginUsingId(3);

    dump(Auth::check()); // true
});

Every time I reload the /test route, the first check is false and the second true. So I guess the login worked, somehow. But after the second run, I would expect that both checks are true. Same behaviour when loggin in on one page and redirecting to another page.

It's a freshly installed Laravel project. I'm using sail. Do you have any idea what could cause this? Because I'm out of ideas.

  • I compared the auth and session config with an old project where I have no issues with that. All looks the same.
  • I tried using other login methods like Auth::login($user);
  • I set 'same_site' => null,
  • I see that there are session files in /storage/framework/sessions
  • My route uses the web middleware group

Any ideas what I could try?

0 likes
6 replies
Talinon's avatar

@guido

I think you will find it will persist if you stop dumping. The session doesn't get saved until the very end of the request's life cycle. Try this as a test:

Route::get('/test', function() {
    Auth::loginUsingId(3);
});

Route::get('/test2', function() {
    dump(auth()->id()); // should output '3'
});
Guido's avatar
Guido
OP
4 years ago
Level 2

@Talinon Still the same. But dumping in general will not stop my request, right? I used dump and not dd. So after a reload I would expect that the first check is true.

Seems that it's something with my (not existing) cookies.

Snapey's avatar

Check that your browser receives cookies from the Laravel application

1 like
Guido's avatar
Guido
OP
4 years ago
Level 2

@Snapey You're right. I don't have any cookies. I thought I have... but this where from another app with the same local development domain.

But still no idea why.

My middleware groups:

    protected $middlewareGroups = [
        'web' => [
            // MyMiddleware::class,
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

The \Illuminate\Session\Middleware\AuthenticateSession::class looks suspicious. But was default off and is the same in all my other apps.

And tried it in a private browser (so no plugins which could cause this).

Guido's avatar
Guido
OP
4 years ago
Best Answer
Level 2

OK, I got it. I set SESSION_DOMAIN=http://app.local in my .env file. This somehow breaks laravels ability to set cookies. I set this to null and it is working again.

Please or to participate in this conversation.