2

I'm currently using spatie/permissions and a subclass of User with constraints on permissions to log in to subdomains in my application.

I now want to be able to share the session between my main domain example.com and the domains some.example.com, where some is dynamically loaded from the database.

When my logged-in User in example.com accesses the abc.example.com domain and is able to log in there, I want to use the current session.

I use different guards on subdomain and domain with the SubUser and User classes as providers.

I already use the database session driver and can see in the logs that the same session id is loaded from the database. As the application is loading the same session from the database, I'm wondering why my user is not already logged in.

Has anyone ever tried this and found a solution for this?

Oli
  • this might lead you somewhere: https://laracasts.com/discuss/channels/general-discussion/multi-domain-session – Quezler Sep 06 '17 at 12:15
  • replied here https://stackoverflow.com/questions/26463467/laravel-maintain-a-session-in-subdomain-of-different-server – aaron0207 Sep 06 '17 at 12:16
  • @Quezler looks similar to my issue. will try that. thx – Oli Sep 06 '17 at 12:21

2 Answers

3

So I managed to resolve this issue.

My setup is that all subdomains have the user guard and the main domain has the admin guard.

I realised that Auth::getName() included the guard name, and as I logged in using different guards I ended up having two active logins in one session. But these logins had different names and were only valid with the right guard. This guard being different in the main domain and subdomains resulted in not really sharing login state over domain and subdomains.

I managed to resolve this by overriding the default Laravel SessionGuard and adding my own driver like so:

In config/auth.php:

'guards' => [
    'user' => [
        'driver' => 'extended_session',
        'provider' => 'users',
    ],

    'admin' => [
        'driver' => 'extended_session',
        'provider' => 'admins',
    ],
]

In AppServiceProvider.php

\Auth::extend('extended_session', function ($app, $name, $config) {
    $providerConfig = $this->app['config']['auth.providers.'.$config['provider']];
    // If you don't use eloquent you need to alter the next line accordingly
    $provider = new \Illuminate\Auth\EloquentUserProvider($app['hash'], $providerConfig['model']);
    // The fixed name 'extended_session' (instead of $name) gives every guard the same auth name
    return new SessionGuardExtended('extended_session', $provider, $this->app['session.store']);
});

And add a new class named SessionGuardExtended like this:

use Illuminate\Auth\SessionGuard;

// Empty subclass; it only exists so the custom driver has its own guard class
class SessionGuardExtended extends SessionGuard
{
}

This results in a shared session with the same auth name for domain and subdomains.

Oli
  • Thank you for this. Laravel also uses the class' name: `'login_'.$this->name.'_'.sha1(static::class)` where `name` is the driver's name and static::class is in Oli's example `SessionGuardExtended` with the full namespace – dacastro4 Apr 20 '22 at 20:39
  • This is the only solution I found to this problem and it works perfectly! Now, my admins have their sessions shared between the backoffice and the main domain but my users didn't get access to the backoffice. Thank you for this! – Matheus Dal'Pizzol Dec 13 '22 at 18:32
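
Added example (not from the original posts and not Laravel's own code): a plain-PHP model of the session key quoted in the comment above, showing why two guard names produce two separate logins in one session and what a shared name changes. `DemoGuard`, the sample arrays and the ids are constructed for illustration, and the model assumes the guard stores only the user identifier and resolves it through its own provider.

```php
<?php
// Simplified stand-in for a session guard (constructed, not Laravel's code).
class DemoGuard
{
    public function __construct(
        protected string $name,         // guard name passed to the constructor
        protected array $records,       // stand-in user provider: id => record
        protected ArrayObject $session  // stand-in for the shared session store
    ) {}

    // Key format as quoted in the comment above.
    public function getName(): string
    {
        return 'login_' . $this->name . '_' . sha1(static::class);
    }

    public function login(int $id): void
    {
        $this->session[$this->getName()] = $id; // only the identifier is stored
    }

    public function user(): ?string
    {
        $id = $this->session[$this->getName()] ?? null;
        return $id === null ? null : ($this->records[$id] ?? null);
    }
}

// Constructed sample data: two providers whose ids overlap.
$users  = [7 => 'users#7'];
$admins = [7 => 'admins#7'];

// Case 1: each guard has its own name (the situation in the question).
$session = new ArrayObject();
$userGuard  = new DemoGuard('user', $users, $session);
$adminGuard = new DemoGuard('admin', $admins, $session);
$userGuard->login(7);
echo "separate names, same key: ";
var_dump($userGuard->getName() === $adminGuard->getName());
echo "admin guard resolves: ";
var_dump($adminGuard->user());

// Case 2: both guards are built with one fixed name (the answer's approach).
$session = new ArrayObject();
$userGuard  = new DemoGuard('extended_session', $users, $session);
$adminGuard = new DemoGuard('extended_session', $admins, $session);
$userGuard->login(7);
echo "shared name, admin guard resolves: ";
var_dump($adminGuard->user());
```

With a shared name the stored id is looked up in whichever provider the current guard uses, so the setup is only sound when both providers draw from the same identifier space (for example a subclass of User on the same table). If the providers are separate tables, an id written by one guard resolves to an unrelated record in the other.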
0

Add SESSION_DOMAIN to your .env file and set it to .example.com

Norris Oduro
  • already did that. this resulted in Laravel loading the same session id on `example.com` and `some.example.com` but still doesn't persist the logged in state – Oli Sep 06 '17 at 12:19
  • cleared out everything. cookies, session table, browser data, browser history, application cache... – Oli Sep 06 '17 at 12:22