Persisting sessions across subdomains in Laravel 5

Question

Using 5.0

in config/session.php I have set 'domain' => '.example.com' but it is not working. I cannot persist a session on even one domain like this.

My site has many subdomains:

vancouver.example.com
newyork.example.com

etc... they are hosted on the same server and are the same Laravel app (share the same storage directory)

I login with the correct credentials, upon which the app redirects to another page on the site, and I have no session at that point. var_dump(Auth::user()) shows null even though I logged in with the correct credentials.

storage/framework/sessions shows 14 different files there, they are all for me and I cleared them out before I started testing this.

I'll attach my AuthController@postLogin method below, which works fine if session.php 'domain' => null

public function postLogin(Request $request)
{
    $this->validate($request, [
        'email' => 'required|email', 'password' => 'required',
    ]);

    $credentials = $request->only('email', 'password');

    if ($this->auth->attempt($credentials, $request->has('remember')))     {
        Session::flash('message', 'You are now logged in.');
        Session::flash('status', 'success');

        if (str_contains($_SERVER['HTTP_REFERER'], '?goto=')) {
            $params = explode('?', $_SERVER['HTTP_REFERER'])[1];
            $target = explode('=', $params)[1];
        } else {
            $target = '/';
        }

        return redirect($target);
    }

    return redirect($this->loginPath())
                ->withInput($request->only('email', 'remember'))
                ->withErrors([
                    'email' => $this->getFailedLoginMessage(),
                ]);
}

Answer 1

If someone needs to sync session in subdomains with different laravel application sharing same database

Follow all the instructions of @Kiran Maniya Then you have to keep same application name in order to get same session name. Or just change the cookie config in config/session.php

You can hardcode it if keeping same name is not possible.

'cookie' => env(
    'SESSION_COOKIE',
    Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
) 

to something like:

'cookie' => env(
    'SESSION_COOKIE',
    'session_sharing_application_session'
) 

Answer 2

With Laravel 8 it becomes more simplier :

Add SESSION_DOMAIN to your .env file :

SESSION_DOMAIN=.yourdomain.tld

Clear configuration cache :

php artisan config:cache

Delete your browser sessions cookies, then session become shared between all your subdomains.

In my case I used to AutoLogin user to subdomain once account is created on www. domain. Worked fine.

Answer 3

You'll need to update the session configuration to persist the session in domain-wide including subdomains. Follow the steps given below.

1. Go to config/session.php and update the domain with prefix . as config => '.your-domain.com'.

2. Then clear your application cache, Open the Chrome DevTool and Go to Application > Application > Clear Storage. You'll need to clear out the previous cookies also.

3. run artisan command php artisan config:cache or php artisan config:clear to drop previously cached laravel application configs.

If you are using database as the session driver, You need to create a session table for that. run command php artisan session:table to generate the session table migration and then migrate it using php artisan migrate. Then perform the three steps given above.

Answer 4

If someone still gets the problem with subdomain cookie. Try to change Session Cookie Name in config/session.php

Answer 5

@gadss

you need to add session table like this

php artisan session:table

composer dump-autoload

php artisan migrate

and change .env to SESSION_DRIVER=database

also modify config/session.php

'driver' => env('SESSION_DRIVER', 'database') and

'domain' => '.yourdomain.com'

after that clear your browser's cache and cookies.

Answer 6

Figured it out. Update domain => '.example.com' in session.php and clear the cookies for the site in question.

Answer 7

Have you tried storing the sessions in the database, memcached, or redis instead of in files? I had a similar situation to yours and storing sessions in the database solved the issue for me.

For some reason Laravel's session driver doesn't handle cross domain sessions correctly when using the file driver.