Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

croftvel-dev's avatar

Laravel session issue XSRF and domain tokens are not being set

I have 3 environments for my Laravel application

  1. Local (as the name suggests running Apache2 )
  2. Pre-Prod ( a VPS that serves application from Apache2 as well )
  3. Prod ( this VPS server is also running Apache2 with cloudflare [I am still somewhta confused as to why we have cloudflare here ] )

Now my problem for local and preprod when ever I load my apllication lets say home page Laravel sets 2 cookies named domin_session and XSRF, which is not being set for my prod env cause me not being able to login. Since I am using Auth::guard()->check() to check validity and it returns false ( Auth::guard()->user() this resolves to null) I am not being able to make $request->validations as it keeps redirecting

EDIT 1: I am using SESSION_DRIVER as "database"

PS: My day 1 here so cant upload imgs

0 likes
4 replies
experimentor's avatar

I'm assuming that you are using cloudflare for load balancing on the production server. If that is the case, and if your session driver is "file", you should enable sticky sessions on the loadbalancer. Because a session cookie may be generated on one server and stored in its file system upon first request. The second request may be directed to another server by the load balancer. Since the second server does not have the session stored on it, you'd get errors.

Note: I do not have any experience with CloudFlare. My inputs come from my experience with AWS.

1 like
croftvel-dev's avatar

@experimentor Hmm laodbalancing could be the case tho I suspect that we are using cloud flare for DNS resolution, and to enable HTTPS. Also I forgot to mention in the post (will add now) that we are using database as session driver, we had write permission issue on the server with "file" as our session driver which lead me to use database. Yes I have checked that everytime I hit up the url it creates an entry in the db

Snapey's avatar

There is a problem that occurs with apache if your app puts out some data before laravel can output headers. This can be caused by a stray character before the opening php tag of one of your files or by closing php on a page and continuing to have further content.

I think apache logs can show a message about being unable to set headers

It is sometimes evident if you look closely at the stream that comes from the server and see something in front of the opening html tag.

1 like
croftvel-dev's avatar

@Snapey Thanks I will try to get access to the logs, since I am using a normal user on cPanel that does not allow me to access log which I believe is present in /etc/apache2/ directory, further investigate the issue and update here on the forum

Please or to participate in this conversation.