Laravel Filament v3 automatic logout if SESSION_DRIVER=database

Question

Problem:

I'm currently trying to implement filament v3 into my current laravel v10 project also using livewire v3.

After installing filament v3 as described in their installation guide I am able to see the filament login screen where I can log in under certain conditions:

• The first login works with my already before existing user credentials just fine.
• If I then get redirected to the default filament dashboard and want to click on "Dashboard" again I automatically get logged out and redirected to the filament login screen (This should not redirect me at all).
• Also if I now want to log in again, the browser shows me a message saying "This page has expired. Would you like to refresh the page?"
• If I now click refresh I'm trapped in a loop... I am now at the login screen again (not logged in).
• The only thing to exit this loop is to manually refresh the page once more and try to log in again.
• Then I'm back at the dashboard, getting logged out automatically again if clicking on "Dashboard" again as before.
• The only way to stay logged in can be achieved if I check the checkbox "Remember me" before the first login.
• Now I can stay logged in to the filament dashboard, but if I now click on "Log out" I get a "Laravel POST Error".
• Also if I log in to my current app before and then try to access the filament dashboard I also immediately get logged out and redirected to the filament login screen...

What I tried so far:

I have already searched everywhere I could and found just a few people with the same or a similar problem:

• This (https://github.com/filamentphp/filament/discussions/8574) is an discussion I found on the filament repo on github which represents my problem the best. If I change my SESSION_DRIVER to SESSION_DRIVER=file instead of SESSION_DRIVER=database everything works as expected but I can't find the solution WHY?!
• I also ruled out I is a bug on a clean laravel v10 / filament v3 install. Here also everything works fine (Also with SESSION_DRIVER=database).

Things I also tested / resources I checked:

• https://github.com/filamentphp/filament/issues/2328
• https://github.com/livewire/livewire/discussions/4959

System info:

• MacOS 14.3.1
• PHPStorm 2023.2
• Chrome 121.0.6167.160
• Laravel 10.44.0
• Livewire 3.4.4
• Filament 3.2.34
• PHP 8.1

EDIT:

I now found a solution to bypass the problem:

<?php

namespace App\Providers\Filament;

use Filament\Http\Middleware\Authenticate;
use Filament\Http\Middleware\DisableBladeIconComponents;
use Filament\Http\Middleware\DispatchServingFilamentEvent;
use Filament\Pages;
use Filament\Panel;
use Filament\PanelProvider;
use Filament\Support\Colors\Color;
use Filament\Widgets;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Illuminate\Cookie\Middleware\EncryptCookies;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
use Illuminate\Routing\Middleware\SubstituteBindings;
use Illuminate\Session\Middleware\AuthenticateSession;
use Illuminate\Session\Middleware\StartSession;
use Illuminate\View\Middleware\ShareErrorsFromSession;

class AdminPanelProvider extends PanelProvider
{
    public function panel(Panel $panel): Panel
    {
        return $panel
            ->default()
            ->id('admin')
            ->path('admin')
            ->login()
            ->colors([
                'primary' => Color::Rose,
            ])
            ->discoverResources(in: app_path('Filament/Resources'), for: 'App\\Filament\\Resources')
            ->discoverPages(in: app_path('Filament/Pages'), for: 'App\\Filament\\Pages')
            ->pages([
                Pages\Dashboard::class,
            ])
            ->discoverWidgets(in: app_path('Filament/Widgets'), for: 'App\\Filament\\Widgets')
            ->widgets([
                Widgets\AccountWidget::class,
                Widgets\FilamentInfoWidget::class,
            ])
            ->middleware([
                EncryptCookies::class,
                AddQueuedCookiesToResponse::class,
                // StartSession::class, -> just commented out this line
                AuthenticateSession::class,
                ShareErrorsFromSession::class,
                VerifyCsrfToken::class,
                SubstituteBindings::class,
                DisableBladeIconComponents::class,
                DispatchServingFilamentEvent::class,
            ])
            ->authMiddleware([
                Authenticate::class,
            ]);
    }
}

Now I'm not completely sure if this is okay to do.

What I've encountered before: Every time I go to the filament dashboard or am redirected to the filament login screen a new session entry get's generated in the database where the old one get's abandoned (not deleted as normally when logging out).

After commenting out StartSession::class in my AdminPanelProvider.php file this is no longer the case. Now every time I log in (or log out) the session get's updated (or deleted and a new one get's created).

Is this safe to implement like this? Also why is it working just fine if SESSION_DRIVER=file?

Answer 1

For anyone stumbling on to this question... I finally found a solution for my project.
Although it's very unlikely anyone else is experiencing the exact same issue I will still post my findings:)

For me the reason for the bug could be found in the app/Http/Kernel.php file.

The following changes fixed it for me:

A bit on the background:

The project was started with Laravel v7 and grew since then... Maybe those days the Kernel.php file looked different to the todays version or I just modified it some time ago.