phplaravel.htaccesssession-cookieslaravel-sanctum

Deploying Laravel to a subfolder


Does Sanctum (or Laravel) cookie-based session require me to have Laravel deployed to the root folder?

Background

My application lives in a monorepo with server, client and some other folders, with server folder containing Laravel 11 (used as backend API) and client folder containing Vue 3 SPA. The setup works okay when deployed to a docker container, but deploying it to a shared hosting results in the following strange issue:

Issuing login/logout commands works correctly in that I get the expected response body, but somehow subsequent calls to the server do not recognize the request as authenticated. For example, doing Auth::check() in the subsequent request returns false. My feeling is that this has got something to do with the cookies not be set correctly.

I have spent time to make sure I'm not doing any of the usual mistakes:

Could it be that one of these .htaccess files is interfering with how Sanctum issues/recognizes its cookies?


Solution

  • This turned out to be a problem with the value of SANCTUM_STATEFUL_DOMAINS environment variable. While it worked correctly with https://${APP_NAME} on the local docker container, I had to specify www. prefix on production server. To be safe I then added all possible combinations with and without https and www:

    SANCTUM_STATEFUL_DOMAINS=https://${APP_NAME},https://www.${APP_NAME},https://${APP_NAME}/,https://www.${APP_NAME}/,${APP_NAME},www.${APP_NAME}

    It works correctly now.