Laravel Session Id always changes every refresh in Laravel 5.4

So the title basically says it all, I am using Laravel 5.4, PHP 7.1 and on my local machine sessions are working just fine. Essentially when trying to login or reloading the page every time I get a new CSRF token which breaks everything. I am using database as my session driver and it creates a new entry into the DB every single request I make. This happened on my local machine when I first upgraded but to fix it the solution was to update my cookie_domain env variable and I got it working. However on my new server I have tried every domain I could think of and it still does not work.

Here is what I know,

  • Session cookie is not being saved under Chrome -> Application -> Cookies, this is indeed showing up on my local setup.

  • CSRF-TOKEN gets a new value every page reload but the XSRF-TOKEN cookie is present and maintains its value on every reload.

  • Both local and my new server are running the exact same git branch, and are both running apache 2.4, Laravel 5.4 and PHP 7.1 so this makes me assume it is a config issue of some kind. Both local and server are running centos 7

  • Every request creates a new session in the DB, this happens for get, post and ajax requests.

I assume this is a config issue from somewhere but I have no idea, any help would be greatly appreciated.

zocheyado
zocheyado
  • 2 months ago

I found the solution to this was 2 parts, not sure why it varied since it was the same OS and setup.

Step 1 make sure that COOKIE_DOMAIN is set properly and with no port numbers (Either in .env or /config/sessions.php, whichever you use)

Step 2 make sure that the cookie name ( 'cookie' => 'whatever') inside of /config/sessions.php does NOT have an underscore in it. Laravel apparently has had issues with this.

Is the underscore in the session a legit bug? We're using an underscore in our current 5.3 application. We're planning to migrate later this year to 5.5 because of the LTS.