I have a Laravel 8 application. The session is not working if deployed on the subdomain.
For example, I have a domain "example.com" and we have created two subdomains testapp.example.com and app.example.com for testing and staging environments.
When deploying the application on testapp.example.com first we observed that session not working after that updated config/session.php to set session domain = ".example.com". Initially, it was working after this change but when again the application deployed on "app.example.com" session not working on testapp.example.com. It is working for "app.example.com". I want different sessions to be maintained on these different subdomains, dont want to share session between subdomain. Can anyone suggest?
Thanks.
You do not want to set that session domain, that is the session_domain configuration if you wish to share the sessions across subdomains. By default it will not. You need them to be set to app.example.com and testapp.example.com accordingly. This is the SESSION_DOMAIN in the .env file
Alternatively you can simply change the SESSSION_COOKIE for each application. This is best set in the .env file as SESSION_COOKIE=testexample.com or alternatively in config/session.php if you already modified the default laravel settings in there.
Related
I am looking at swapping out the session_domain in laravel to be part of the base domain like so: '.example.com'.
This is so we can persist sessions across all subdomains of the base domain as by default cookies are only persisted on the current domain
I have tested this locally which works fine, but it seems to cause issues with active sessions as the old cookie is still preserved in the users browser with the old domain. This seems to cause issues when trying to authenticate as there are now multiple session cookies (One with the old, and one with the new cookie domain path). I have to manually clear the cookies for this to work which i obviously don't expect my users to do.
I'm not keen on the idea of middleware to expire/unset these browser cookies as it just seems inefficient to run this on every request.
What would be the best way for me to clear existing browser sessions in Laravel so that when i swap the session_domain, it does not cause issues with existing user sessions?
You need to change the APP_NAME for each subdomain
Because it replaces the session,cookie with the same name on same browser with different tabs. In short if you login to one domain, it will replace the previous domain cookie. So you need to make it different for each subdomain.
If you are having multiple .env on each domain then change it explicitly if you are using one env file for different domains you need to dynamically change it. That way your cookie won't be replaced.
If you look at inside config/session.php
'cookie' => env(
'SESSION_COOKIE',
Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
),
This is where your cookie name is generated if you see that in browser Application tab inside Cookies section.
In your case, it will be laravel_session cookie name
I am struggling to manage session between domain and sub-domain
my domain is example.com having own laravel(5.1) folder structure and other sub-domain having its own laravel(5.1) folder structure
domain and sub-domain access same database
below domain look like
example.com
forum.example.com
access same database "mydatabase"
session management occured only on example.com have numbers of user. I would like to access users same session in forum.example.com
To share session between your domain and sub domains you should:
Set the same value for domain in app/config/session.php as: .example.com
Make sure both of your Laravel applications share the same session storage, for ex. you better be using database or redis session driver
Make sure you have the same APP_KEY set in your .env file
I am have install Two codeigniter develope two different different site in localhost.
issue is that any of site login after this session value config with anther value.
in two site for login i am create same session it;s name is user_login
when one of site login another side automatically login.
if logout one to site another site also logout.
so can you guide me how to setup and what are the change in config file to maintain session?
In you config file change the value of
$config['sess_cookie_name'] = 'you own name for the session'
and this will not occur again.
This is because both are using the same session name which is mention in the config file
I am new to Laravel. I have created a domain and subdomain with a specific domain group.
domain.com
admin.domain.com
On my domain.com a user can login. And in the subdomain admin.domain.com an admin can login. The problem Im having is when a user is logged in the root domain the admin subdomain is also logged in. I want the root domain and subdomain to be of different sessions. Please help!
This problem is not on framework, I got this problem when I worked with Yii 2.0 too, the issue because sessions general from application key, the solution is make key different between root and subdomain.
The solution here is you have to general another Laravel Application key on your subdomain follow the document:
php artisan key:generate
Application key [Idgz1PE3zO9iNc0E3oeH3CHDPX9MzZe3] set successfully.
2 keys in root and subdomain have to different.
Hope this help.
Laravel by default uses a single cookie to keep session data and manage its authentication system, thats why your user keeps logged across your subdomains, because your cookie is still there.
In this case I think you have 2 options:
1st: Create a different auth system using middlewares for each subdomain group to manage sessions (lets say you create/read a different cookie for each subdomain, but this could be a little bit tricky if the same user want to use the app across different subdomains at the "same time").
2nd: Use a different session driver (lets say database e.g.)
Suppose in a domain (app.domain.com) I have set a Session like this:
Session::put('test', 'value');
Then in different domain (ex. news.domain.com) I want to retrieve that session value. Note that the other domain is located ON DIFFERENT SERVER, but still same domain name.
My question is, will Session::get('test') is available in news.domain.com if I set the laravel config file to domain => '*.domain.com'?
If you have the subdomains hosted on different physical machines, setting the domain in app/config/session.php to this:
'domain' => '.domain.com'
will work as long as the two apps will be able to access a shared session data storage (for example using the database session driver and having a common database that stores the sessions).