#xsrf and session domain issue

4 messages · Page 1 of 1 (latest)

marsh niche Feb 28, 2025, 5:05 PM

hello i have publish my website on 1 domaine and 1 subdomain dev.mydomain and juste mydomain and when i go on cookie i have this but in on env the arrent .

SESSION_DRIVER=redis
SESSION_LIFETIME=120
SESSION_ENCRYPT=true
SESSION_PATH=/
SESSION_DOMAIN=dev.teenovax.com
SESSION_COOKIE=dev_teenovax
SESSION_COOKIE_SECURE=true
SESSION_SAME_SITE=strict

SESSION_DRIVER=redis
SESSION_LIFETIME=120
SESSION_ENCRYPT=true
SESSION_PATH=/
SESSION_DOMAIN=teenovax.com
SESSION_COOKIE=teenovax
SESSION_COOKIE_SECURE=true
SESSION_SAME_SITE=strict

i think the issue is not from laravel but from nginx on plesk but i have doubt

brazen compass Feb 28, 2025, 5:26 PM

I'm not sure, but I think if you just remove the SESSION_DOMAIN config, the cookies will only be set for the current domain (with no leading .)