Good day, friends. Help me understand: why can't I transfer the session between the subdomains of an application in Laravel?

When a user is authorized, he is authorized by the order method of the Laravel framework and redirected to the subdomain (the user profile is there), but the user's session is not transmitted to the subdomain we redirect to, and therefore the user is not registered on the subdomain itself. On the domain from which we redirect, the session exists and everything works fine.

  • In the browser, look in the developer tools, Network tab, at what the server sends you (which cookie). - Visman
  • It updates the URL with a subdomain and returns to the login page, as there is no session on the subdomain. - Nick
  • Cookie: laravel_session = eyJpdiI6IlJuVzZDQnBBV1wvOUxQTkVOOGNhaVV3PT0iLCJ2YWx1ZSI6IlpYZndNRG5WUWpVQzhpdkxXMER6cGp5bUdaMElqa3lFZGlCNjZtQkhYQU13cDJidzN4OGhlYVdrNU5lWkJkZElPMEx3XC9iMEFEanV2enZBaGtJMFV0UT09IiwibWFjIjoiNGFhOTZmODA2NzI0Y2IxYjc0MWE3ZjRiZmMyNzllOTRmZWZkYTI4ZDRlZDc4ODRkODA5YWM5NDNjMzRkMWYzYSJ9; expires = Tue, 27-Jun-2017 18:30:18 GMT; Max-Age = 7200; path = /; httponly - Nick
  • path=/; here the domain must be specified so that the cookie is visible in the subdomains too. - Visman
  • OK, but can you tell me which function I can use to put the domain there? I've been working with Laravel for a couple of months. - Nick

1 answer

From the comments to the question, it turned out that the session authentication cookies are set without explicitly specifying the domain. As a result, they work only on the main domain (where they were set).

For session authentication cookies to be visible on subdomains, you need to explicitly specify your domain in the config/session.php file:

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Domain
    |--------------------------------------------------------------------------
    |
    | Here you may change the domain of the cookie used to identify a session
    | in your application. This will determine which domains the cookie is
    | available to in your application. A sensible default has been set.
    |
    */

    'domain' => env('SESSION_DOMAIN', null),

So

 'domain' => 'your.site', 

(Previously, a leading dot was needed in the domain name for the cookies to be visible on subdomains; now, according to the new rules, this is not required.)
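The browser-side rule behind this answer, as an added example that is not part of the original post: a minimal model of RFC 6265 cookie scoping showing why a cookie set without `domain` stays host-only and why the leading dot no longer matters. The function names and the host `profile.your.site` are assumptions made for illustration; public-suffix and IP-address checks that real browsers also perform are left out.

```javascript
// Added example: RFC 6265 cookie scoping (storage model, section 5.3, and
// domain matching, section 5.1.3). Host names below are constructed.

// Parse the attributes of a Set-Cookie header value into a small record.
function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq).trim(),
    value: pair.slice(eq + 1).trim(),
    domain: requestHost.toLowerCase(), // default: the host that set it
    hostOnly: true,                    // default: exact-host match only
  };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1).trim();
    if (key === 'domain' && val !== '') {
      // A leading dot is ignored by the RFC, so ".your.site" == "your.site".
      cookie.domain = val.replace(/^\./, '').toLowerCase();
      cookie.hostOnly = false;
    }
  }
  // A host may only set a cookie for itself or one of its parent domains.
  if (!cookie.hostOnly && !domainMatch(requestHost, cookie.domain)) return null;
  return cookie;
}

// RFC 6265 section 5.1.3: identical, or host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Would the browser attach this stored cookie to a request for `host`?
function isSentTo(cookie, host) {
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatch(host, cookie.domain);
}

// Constructed headers: the shape from the question, and the fixed one.
const hostOnly = parseSetCookie('laravel_session=abc; path=/; httponly', 'your.site');
const shared = parseSetCookie('laravel_session=abc; path=/; domain=your.site; httponly', 'your.site');
console.log(isSentTo(hostOnly, 'profile.your.site')); // false
console.log(isSentTo(shared, 'profile.your.site'));   // true
```

With `domain` set, every host under your.site receives the session cookie, so the setting is appropriate only when all subdomains are trusted to see it.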