Prevent Laravel session overlap on subdomains

Time: 06-07

I have two independent copies of the same Laravel app on my domain; each one behaves as expected when used exclusively:

app1.mydomain.com
app2.mydomain.com

They do have different APP_NAME values in their respective .env files. I do want the two to be completely independent (thus all of the rational env variables are set appropriately unique, e.g. the APP_KEYs, APP_NAMEs, APP_URLs, etc.). While two distinct databases are designated (though on the same host, of course), I've put an identical "user" on both of the databases.

The thing is, sometimes when they're being utilized together (kinda concurrently), a 419 error shows up when I'm already logged into one of them through the "user" credentials and try to log into the other one through distinct but identical "user" credentials! It seems like app2 thinks the user is already logged in, while the user is actually logged into the other, supposedly independent subdomain. I've tried the SESSION_COOKIE and SESSION_DOMAIN environment variables to no avail.

By setting the SESSION_DOMAINs to app1.mydomain.com and app2.mydomain.com respectively, you may log into one of them successfully, but trying to log into the other one displays the 419 error page! Also, the domain entries for the session cookies in the browser are set with a preceding dot, e.g. .app1.mydomain.com (whereas when you omit the SESSION_DOMAINs, the values appear without the leading dot).

I've noticed that an app1_session cookie also shows up in the browser cookies for app2.mydomain.com (and sometimes a laravel_session cookie shows up too! "laravel" is the default string substituted whenever the APP_NAME environment variable is not read by the system!)

So, what's wrong and how can I fix it?!

CodePudding user response:

Assuming you are setting up each .env file to point to its own separate subdomain, the functionality you may be after is setting the same_site value to strict.

This will ensure only cookies that are from the defined domain are accepted.

P.S. For good measure, run php artisan config:clear once you change it.
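As an added illustration (not code from the question or either answer), this Python script applies the RFC 6265 cookie domain-matching rules to a constructed cookie jar, showing which session cookies each subdomain actually receives and that app1 and app2 count as the same site for SameSite purposes, so the same_site setting alone does not isolate them. The laravel_session cookie scoped to the parent domain mydomain.com is an assumption made for illustration, not something the question confirms.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cookie:
    name: str
    domain: str       # Domain attribute, or the request host for a host-only cookie
    host_only: bool   # True when the server sent no Domain attribute

def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: the host equals the cookie domain or is a subdomain of it.
    A leading dot on the stored domain (as some browsers display it) is ignored."""
    request_host = request_host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)

def cookies_sent_to(jar: list[Cookie], request_host: str) -> list[str]:
    """Names of the cookies a browser would attach to a request for request_host
    (RFC 6265 5.4: host-only cookies require an exact host match)."""
    sent = []
    for c in jar:
        if c.host_only:
            if request_host.lower() == c.domain.lower():
                sent.append(c.name)
        elif domain_matches(request_host, c.domain):
            sent.append(c.name)
    return sorted(sent)

def same_site(host_a: str, host_b: str) -> bool:
    """SameSite compares registrable domains, not full hosts. Simplified here to
    the last two labels; real browsers consult the Public Suffix List."""
    return host_a.lower().split(".")[-2:] == host_b.lower().split(".")[-2:]

# Constructed cookie jar mirroring the question: each app's own host-only session
# cookie, plus a stray laravel_session scoped to the parent domain (an assumption
# made for illustration, not something the question confirms).
JAR = [
    Cookie("app1_session", "app1.mydomain.com", host_only=True),
    Cookie("app2_session", "app2.mydomain.com", host_only=True),
    Cookie("laravel_session", "mydomain.com", host_only=False),
]

if __name__ == "__main__":
    for host in ("app1.mydomain.com", "app2.mydomain.com"):
        print(host, "receives", cookies_sent_to(JAR, host))
    print("same-site?", same_site("app1.mydomain.com", "app2.mydomain.com"))
```

Only the cookie scoped to the parent domain crosses between the two subdomains; each host-only cookie stays with its own app.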

CodePudding user response:

I think it's probably not a problem on any of your subdomains. I think you were checking out both sites on the same browser instance; that's why this issue is occurring. Try to use one in normal browser mode and open the other in Private mode (or Incognito mode)... it would probably work in your case....

If it does not work for you, implement a Laravel session table so you can track the session IDs of logged-in users that have a current session. I hope it works for you.
