Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I've tried without success to change config setting in middleware for session domain as request()->host(). Would like to limit login session per wildcard subdomains. Not sure how to do it, if I put *.example.com, it includes the main domain and other subdomains.
Laravel itself doesn't have support for this.
A better approach is making sure your application only accepts certain domains in the first place. You can, for example, create a middleware that checks against an array of allowed subdomains. This way, you can keep using the *.domains.com settings.
There is also a package available for this: https://github.com/tkaratug/laravel-domain-whitelist
@bobbybouwmann not sure if you understood me, lets say I have site-one.example.com and site-two.example.com, how can I keep the session for site-two.example.com only for that subdomain, when I visit example.com or site-one.example.com I would like to have its own session, if you understand me correctly?
@bobbybouwmann Oh seems like when I remove *.example.com it works as I need it :O
@soixt Yeah, so you need to be specific about the domain. You can also use site-one.example.com in there to be really specific. If you set it to null it will use the current domain.
@bobbybouwmann I did tried to be specific dynamicly for each sub-domain as each user/client. However it didn't work until setting it as null where it does it automatically like that as you said
@soixt Oke, well good to know ;)
Please or to participate in this conversation.