Laravel Sanctum - Store cookies on localhost subdomain

Question

I'm working on an webapp (Laravel/Vue) with a subdomain per organisation (companyone.mydomain.com, companytwo.mydomain.com, ...)

As authentication system I'm using Laravel Sanctum with cookies. While setting a cookie is working on localhost it's not working when using subdomains locally.

My backend is running on localhost:8000 while the frontend is running on localhost:8080. For cors reasons I've added a proxy property in vue.config.js

module.exports = {
    devServer: {
        disableHostCheck: true,
        proxy: 'http://localhost:8000',
    },
};

I've changed the /etc/hosts file so I can simulate subdomains locally

127.0.0.1  localhost
127.0.0.1  mydomain.com
127.0.0.1  companyone.mydomain.com
127.0.0.1  companytwo.mydomain.com

On the backend I've added the following lines to the .env file (and restarted the php artisan serve script)

SESSION_DOMAIN=.mydomain.com
SANCTUM_STATEFUL_DOMAINS=mydomain.com

In the Authcontroller I'm returning the cookie like this

$token = $user->createToken(Str::random(10))->plainTextToken;
$cookie = cookie('mydomain_api', $token, 60 * 24);
        
return response([
   'token' => $token,
   'user' => new AuthResource($user)
], 200)->withCookie($cookie);

The cookie settings are the following

$domain = null
$secure = true
$httpOnly = true
$sameSite = 'None'

When calling the login function I'm receiving the cookie in my browser like this

but Application -> Cookies stays empty

The request header

When sending another request to the api, no cookies are added. How can I get the cookie in the Cookies storage?

[EDIT 1] When hardcoding the domain on the backend to mydomain.com I'm getting the following error in the browser

@user202729 I don't know but when hardcoding the domain to ```mydomain.com``` I'm getting an error. See [EDIT 1] — Thore, Aug 17 '21 at 13:41
It seems that you should just access the website with `companyone.mydomain.com` in the browser? Are you doing that already... — user202729, Aug 17 '21 at 13:42
@user202729 That's what I'm doing. All the requests are being sent from ```companyone.mydomain.com``` actually from ```companyone.mydomain.com:8080``` — Thore, Aug 17 '21 at 13:43
Weird? Could be because there's only one dot. https://stackoverflow.com/a/1188145/5267751 — user202729, Aug 17 '21 at 13:46

score 0 · Answer 1 · answered Aug 26 '21 at 09:36

0

Update your .env

SANCTUM_STATEFUL_DOMAINS=localhost:8080,mydomain.com:8080,companyone.mydomain.com:8080,companytwo.mydomain.com:8080,::1,localhost:8080,localhost:3000

answered Aug 26 '21 at 09:36

S N Sharma

1,436
2
7
20

score 0 · Answer 2 · answered Aug 27 '21 at 11:17

0

try to add folowing lines in your in .htaccess file

# Handle Authorization Header
# RewriteCond %{HTTP:Authorization} .
# RewriteRule .* - [E=Authorization:%{HTTP:Authorization}]

answered Aug 27 '21 at 11:17

Huzaifa Qidwai

239
1
3

Laravel Sanctum - Store cookies on localhost subdomain

2 Answers2