1
votes

I am looking at swapping out the session_domain in Laravel to be part of the base domain like so: '.example.com'.

This is so we can persist sessions across all subdomains of the base domain, as by default cookies are only persisted on the current domain.

I have tested this locally, which works fine, but it seems to cause issues with active sessions as the old cookie is still preserved in the user's browser with the old domain. This seems to cause issues when trying to authenticate as there are now multiple session cookies (one with the old, and one with the new cookie domain path). I have to manually clear the cookies for this to work, which I obviously don't expect my users to do.

I'm not keen on the idea of middleware to expire/unset these browser cookies as it just seems inefficient to run this on every request.

What would be the best way for me to clear existing browser sessions in Laravel so that when I swap the session_domain, it does not cause issues with existing user sessions?

1
I think you need to re-generate the session.cookie, and make it forget that. - Skumar
If I am not wrong, you are accessing multiple projects with the same browser, and when you access them in different tabs the old one gets expired? Is this the case? - Akhtar Munir
Yes, we have multiple applications stored on different subdomains, e.g. admin.example.com, user.example.com. They are actually all part of the same application, but we have different routes/guards set up for different subdomains. - Bob Deli
It means you have different Laravel projects? - Akhtar Munir
Ah thank you, this makes sense. I'll give it a go :) - Bob Deli

1 Answer

0
votes

You need to change the APP_NAME for each subdomain.

Because it replaces the session cookie with the same name on the same browser with different tabs. In short, if you log in to one domain, it will replace the previous domain's cookie. So you need to make it different for each subdomain.

If you have a separate .env on each domain, then change it explicitly; if you are using one env file for different domains, you need to change it dynamically. That way your cookie won't be replaced.

If you look inside config/session.php:

'cookie' => env(
    'SESSION_COOKIE',
    Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
),

This is where your cookie name is generated; you can see it in the browser's Application tab, inside the Cookies section.

In your case, the cookie name will be laravel_session.
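
Why the old cookie lingers after the session_domain change, and what a different cookie name changes, shown as an added example that is not part of the original question or answer: a minimal model of the browser cookie store, where cookies are keyed by name, domain and path (RFC 6265). The host names come from the question's comments; the cookie values and the `example_session` name are constructed for illustration.

```javascript
// Added example: minimal model of a browser cookie store (RFC 6265, sections 5.3 and 5.4).
// Host names come from the question; cookie values and "example_session" are constructed.
class CookieJar {
  constructor() { this.cookies = []; this.clock = 0; }

  // Store a cookie set by a response from `host`. `domainAttr` is the Domain
  // attribute (e.g. ".example.com"); without one the cookie is host-only.
  set(host, name, value, domainAttr = null) {
    const hostOnly = domainAttr === null;
    const domain = hostOnly ? host : domainAttr.replace(/^\./, "");
    // A cookie replaces an existing one only if name, domain AND path all match.
    const i = this.cookies.findIndex(c => c.name === name && c.domain === domain && c.path === "/");
    const cookie = { name, value, domain, path: "/", hostOnly, created: this.clock++ };
    if (i >= 0) { cookie.created = this.cookies[i].created; this.cookies[i] = cookie; }
    else this.cookies.push(cookie);
  }

  // Build the Cookie request header for `host`: host-only cookies need an exact
  // match, domain cookies also match subdomains. Older cookies are listed first.
  header(host) {
    return this.cookies
      .filter(c => c.hostOnly ? host === c.domain
                              : host === c.domain || host.endsWith("." + c.domain))
      .sort((a, b) => a.created - b.created)
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// All values the server receives under one cookie name.
function valuesFor(header, name) {
  return header.split("; ").filter(Boolean)
    .map(p => p.split("="))
    .filter(([n]) => n === name)
    .map(([, v]) => v);
}

// Before the change: host-only session cookie on admin.example.com.
// After the change: cookie set with Domain=.example.com, either under the
// same name or under a new one.
function simulate(newName) {
  const jar = new CookieJar();
  jar.set("admin.example.com", "laravel_session", "OLD");
  jar.set("admin.example.com", newName, "NEW", ".example.com");
  return jar.header("admin.example.com");
}

console.log(simulate("laravel_session")); // same name: two session cookies sent
console.log(simulate("example_session")); // new name: stale cookie no longer shares the session name
```

The host-only cookie and the `.example.com` cookie differ in domain, so the second never overwrites the first and both are sent until the old one expires or is explicitly deleted.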