Laravel auth session cookie not sending

Question

So I have a pretty basic Laravel login script

$email = Input::get('email');
$password = Input::get('password');
if(Auth::attempt(array('Email'=>$email, 'password'=>$password), true)){
    return Response::json(array('success' => true,'logged_in'=>Auth::check() ));
}

I'm logging in with a valid Email and Password. I've put "logged_in" in the response array just as a test, and it returns true after the attempt. However, the "laravel_session" cookie is not returned on the response, and subsequent calls do not see the user as logged in. This is only happening on my Production server, my local environment and test environment both work with no issue.

As another note, I noticed that Response::json is returning the text/html MIME type, instead of application/json. I wasn't sure what was causing that, so I just set the jQuery.ajax dataType to "json" to get around it. This only happens on my production server as well. I'm all out of ideas on this one, and would be very thankful for some help.

Answer 1

Man, I forgot I asked this question. But I did end up finding the answer, and it was really silly but important, so I'll answer it now.

Deep in one of my configuration files, someone (probably me) had inserted a space before the <? beginning of a PHP file. This was before any headers were set, and so they weren't allowed to be changed (meaning no cookies could be set) since data had already been written to the output stream. So if you're searching for why this is happening to you, make sure you look for that.

Answer 2

Probably, your controller works good and sets cookie truely.But your browser can't save your cookies. Because of headers domain restrictions.

Can you sure your cookie system works good. Can you check app/config/session.php domain field looks like this.

'domain' => null,

Answer 3

Try removing the second boolean parameter (Auth::check(array, boolean)) or check if your user table has a remember_token column.

If you would like to provide "remember me" functionality in your application, you may pass true as the second argument to the attempt method, which will keep the user authenticated indefinitely (or until they manually logout). Of course, your users table must include the string remember_token column, which will be used to store the "remember me" token.

Also, either your code is flawed (you made a typo) or you have a weird database structure, because the email fields is written with uppercase.

array('Email'=>$email, 'password'=>$password)

to

array('email'=>$email, 'password'=>$password)

Answer 4

Since I had a similar problem, there is one other problem it could be:

You forgot to use the "web" middleware group.

'web' => [
    \App\Http\Middleware\EncryptCookies::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    // ... and more
],

If you do not, the queued cookies are never set.