Using 5.0

in config/session.php I have set 'domain' => '.example.com' but it is not working. I cannot persist a session on even one domain like this.

My site has many subdomains:

vancouver.example.com
newyork.example.com

etc... they are hosted on the same server and are the same Laravel app (share the same storage directory)

I login with the correct credentials, upon which the app redirects to another page on the site, and I have no session at that point. var_dump(Auth::user()) shows null even though I logged in with the correct credentials.

storage/framework/sessions shows 14 different files there, they are all for me and I cleared them out before I started testing this.

I'll attach my AuthController@postLogin method below, which works fine if session.php 'domain' => null

public function postLogin(Request $request)
{
    $this->validate($request, [
        'email' => 'required|email', 'password' => 'required',
    ]);

    $credentials = $request->only('email', 'password');

    if ($this->auth->attempt($credentials, $request->has('remember')))     {
        Session::flash('message', 'You are now logged in.');
        Session::flash('status', 'success');

        if (str_contains($_SERVER['HTTP_REFERER'], '?goto=')) {
            $params = explode('?', $_SERVER['HTTP_REFERER'])[1];
            $target = explode('=', $params)[1];
        } else {
            $target = '/';
        }

        return redirect($target);
    }

    return redirect($this->loginPath())
                ->withInput($request->only('email', 'remember'))
                ->withErrors([
                    'email' => $this->getFailedLoginMessage(),
                ]);
}

Figured it out. Update domain => '.example.com' in session.php and clear the cookies for the site in question.

@gadss

you need to add session table like this

php artisan session:table

composer dump-autoload

php artisan migrate

and change .env to SESSION_DRIVER=database

also modify config/session.php

'driver' => env('SESSION_DRIVER', 'database') and

'domain' => '.yourdomain.com'

after that clear your browser's cache and cookies.

Have you tried storing the sessions in the database, memcached, or redis instead of in files? I had a similar situation to yours and storing sessions in the database solved the issue for me.

For some reason Laravel's session driver doesn't handle cross domain sessions correctly when using the file driver.

If someone still gets the problem with subdomain cookie. Try to change Session Cookie Name in config/session.php