Laravel 5 null cookie crash

Question

Scenario:

Same browser.

1. Tab 1: logging into my laravel application.
2. Tab 2: logging into my laravel application.
3. Tab 2: log off
4. Tab 1: Click a button that causes a redirect to a route that's protected by: Route::group(['middleware' => 'auth'], function () { ...

Result: Laravel 5 crashes before it gets to my code on:

Stack:

Symfony\Component\Debug\Exception\FatalErrorException Call to a member function setCookie() on null
    vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php:184 __construct
    vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php:131 fatalExceptionFromError
    vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php:116 handleShutdown
    vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php:0 addCookieToResponse
    vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php:72 handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:125 Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php:36 handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:125 Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php:40 handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:125 Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php:42 handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:125 Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:101 call_user_func:{/home/vagrant/dev/opus-web-app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:101}
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:101 then
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:115 sendRequestThroughRouter
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:84 handle
    public/index.php:53 {main}
    public/index.php:0 [main]

Even when I remove the Route::group(['middleware' => 'auth'] group from my routes... going in tab 1 to the now open URLs will produce this error. I just don't get it.

How do I get rid of this?

Answer 1

I figured out the cause, but I'm just not sure about it. Hoping one of you will know.

In kernel.php:

I had the 'App\Http\Middleware\VerifyCsrfToken' defined in the $middleware black and not the $routeMiddleware. when I moved it to the $routeMiddleware I stopped getting that error.

Content of VerifyCsrfToken:

class VerifyCsrfToken extends BaseVerifier {

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ($request && (($this->isReading($request) || $this->excludedRoutes($request) || ($this->tokensMatch($request) && Auth::check()))))
        {
            return $this->addCookieToResponse($request, $next($request));
        }

        return view('sessionOver');
    }

    protected function excludedRoutes($request)
    {
        $routes = [
            'deployPush'  // webhook push for bitBucket.
        ];

        foreach($routes as $route)
            if ($request->is($route))
                return true;

        return false;
    }
}