How to prevent Laravel from sharing session/cookies between multiple subdomains

Asked Jun 09 '23 at 20:46

Active Jun 09 '23 at 21:58

Viewed 24 times

I am using Laravel with Sanctum.

I have 2 SPA's (Vue apps) at different ports:

localhost:8080 -> spa1 (admin area)
localhost:8081 -> spa2 (member area)

My API communicates with both SPAs.

localhost:8000 -> api

The problem is, whenever I authenticate in spa1, spa2 is authenticated also.

I placed these 2 environment variables for Sanctum in .env:

SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost:8080,localhost:8081

I am expecting to authenticate with one account in spa1 and with another account in spa2. I do not want to share any session/cookie between spa1 and spa2.

edited Jun 09 '23 at 21:58

matiaslauriti

7,065
4
31
43

asked Jun 09 '23 at 20:46

Enthusiasm

1

Those are not "multiple subdomains" they are the same domain. Presumably you are just doing this for testing, so you could put some static DNS entries in your hosts file to get it working. – miken32 Jun 09 '23 at 22:03
@miken32 it does! I now understand cookies are shared between different ports at the same domain. If you make an answer I will approve it. Thank you! – Enthusiasm Jun 10 '23 at 11:13

How to prevent Laravel from sharing session/cookies between multiple subdomains

0 Answers0