The background is I'm updating a Laravel project using Laravel Shift and currently doing the jump from 5.8 to 6. The authentication has broken and I've troubleshoot it to the point where I'm not sure how to narrow it down any more than I already have.
I've confirmed the following
- The login is successful. Auth::user() is set as expected in the login request.
- The sessions table creates the session record (I've also tried file session driver but get the same issue)
- Auth Cookies are passed to client through Set-Cookie, stored, and passed to server in future requests.
- In future requests, the auth middleware runs, receives the auth cookies with correct keys and matching values in the session table, and uses the expected guard
- The guard check fails
Specifically I've did dumps inside vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php, where $this->auth->guard($guard) does show to be using the expected guard and has the auth cookie in the request. However the ->check() returns false, resulting in 302 to login form and Auth::user() to be null.
The auth middleware gives the same behavior when used in router as auth:api or in controller as $this->middleware('auth:api');
Here is my config/auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
],
Here is my LoginController method
private function loginUser($input, $request)
{
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials)) {
$request->session()->regenerate();
// dd(Auth::user()); // This gets run and is set
return true;
}
else {
return false;
}
}
I'm seeking advice on further troubleshooting this auth issue. Everything before $this->auth->guard($guard)->check() seems as I would expect, and I'm unsure what to check for at this point. Any and all help appreciated.