Persisting sessions across subdomains in Laravel 5
Stefan Bogdanescu
Founder & Senior Architect · 2026-06-29
Title: Persisting Sessions across Subdomains in Laravel 5
Subdomains are an important part of your Laravel application if you wish to provide multiple services or different regions under a single app. Sometimes, setting up sessions on all subdomains with the same Laravel application can be tricky. In this article, we will guide you through the process and give you some useful tips for effective session management.
Your Issue
------------------------
You are trying to use sessions across multiple subdomains that share the same Laravel app on your server. Although you have configured your `config/session.php` file with `'domain' => '.example.com'`, it does not seem to work for all subdomains or even one specific domain. You are unable to persist sessions and login is failing.
Step-by-step guide to Fix Your Issue
------------------------
To resolve this issue, you should follow these steps:
1. In your Laravel application, go to `config/session.php` and change the value of the `'domain' => '.example.com'` line to: `'domain' => null`. Setting domain to `null` will make sessions work across all domains and subdomains within that same app installation.
2. Ensure your project is running on a development environment (localhost or test server) to prevent any security issues related to hosting multiple apps under the same domain. It might be necessary to change your .env file's APP_URL variable to `null`. This will force Laravel to use sessions without any subdomain restrictions.
3. If you are running on a live environment, make sure that all relevant subdomains are added as aliases in your `/etc/hosts` file (or equivalent) on the server side so that they can be accessed locally using the same domain name.
4. In your AuthController@postLogin method, perform some additional checks or logic to prevent CSRF (Cross-Site Request Forgery) vulnerabilities. For example, you could add a new check for the current URL or subdomain in your login process:
```php
if (!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'yourapp.example.com') !== false) {
// Proceed with login as per normal, redirecting after success
} else {
return redirect($this->loginPath())
->withInput($request->only('email', 'remember'))
->withErrors([
'email' => $this->getFailedLoginMessage(),
]);
}
```
5. If you are using a framework like Vue.js or React on your frontend, ensure that you provide a secure way to handle and persist sessions across subdomains. You can create custom session routes to handle these requests from the frontend framework by extending Laravel's default authentication controller. This will enable seamless integration between back-and-frontend while maintaining proper security measures.
Conclusion
------------------------
With these steps, you should be able to successfully persist sessions across your Laravel app and its subdomains. However, remember that it is always best to utilize proper authentication and authorization practices in your code for optimal performance and security. For more information on the subject, check out our comprehensive tutorials at https://laravelcompany.com.