Reputation: 4297
Laravel 5.1. Session token changes in each request only from mobile devices
I've discovered a strange thing in my Laravel 5.1.28 web page. The session token changes in every request when I use a mobile device (android, iphone). I see this in two places.
One, on the development bar on the session tab.
Two, when I write in the view {{ csrf_token() }} (For example, I put <input type="hidden" name="_token" value="{{ csrf_token() }}"> in a login form and the _token changes in very reload.
This breaks my login form and I can't login from any mobile device (tested in moto 2 gen and on iphone 6). However, I've said, the token works well from desktop (firefox, chrome, ie) and from tablets (ipad).
Any clues about this? Thank you.
Upvotes: 0
Views: 569
Answers (1)
Reputation: 4297
(Related to this, admin could think that this is the same question)
Solved.
The problem was a wrong value of 'domain' key in session.php. On mobile devices for any reason the cookies policies are more restricted.
I had got this value:
'domain' => env('SESSION_DOMAIN', 'www.[mydomain].com'),
I need to remove www., so this value must be like this:
'domain' => env('SESSION_DOMAIN', '[mydomain].com'),
For any reason from desktop browser with no special configuration the cookie works with no problem.
Upvotes: 1
Related Questions
- Laravel Session always changes every refresh / request in Laravel 5.4
- Laravel passport: clear session from mobile
- Laravel/Vue - Sessions on firefox not working correctly (CSRF token mismatch, session data is null, etc)
- laravel 6 session restart through each request
- Laravel Set Session or Token for External User Login Successfully - No User Database Only Api user
- Laravel 5.6 shopping cart based on session token authentication issue
- Laravel 5.1. Token from and session token are different using mobile browser (login action)
- Laravel 5.1 Token mismatch between POST header token and token in session