I am using Laravel 5.5. I have configured a number of authentication guards that use the session driver. Each has a different user provider. The providers all use the eloquent driver, but each creates a different type of user, e.g. App\User\Staff, App\User\Customer.
In addition I have setup subdomain routing for each of my user types, e.g. staff.mydomain.com, customer.mydomain.com. Today I was delighted to find that if I log in at one sub domain, that information is not shared with the other domain (by default anyhow). This means that I can be logged in on one browser tab as a staff member, and on another browser tab as a customer.
Or at least that's what I thought.
This works fine with the file session driver, however was unpredictable when using the database driver. The database showed new session records for each sub-domain, as I would expect, and the session ID's were refreshed on login. When I checked the Auth::check() though, in one tab it showed correctly (i.e. logged in for one guard, and guest on the others). In the other tab it showed guest on all guards.
I tried this back and forth (file/database session driver), and the file driver was consistently consistent, and the database driver was consistently flaky. Is this a bug? Or is there something I am missing about session-based authentication and sub-domains?
