Laravel 5.7 Auth::loginUsingId() not working after CSRF token generated

Question

I am trying to auto-login user on step-2 of registration steps. After successful insert into db i am using Auth::loginUsingId($user_id) to auto-login user using ajax. I am always submitting CSRF token on each steps.

Now the problem is after successful login CSRF token get generated and Auth::user() gets blank on step 3

Also before and after login CSRF is different.

Answer 1

First of all, csrf token is required when using non-GET request, so if in your case using GET request seems reasonable you can use it.

Otherwise, in step 2 you should return new CSRF token for example like this:

Auth::loginUsingId($user_id);

return response()->json(['csrf_token' => csrf_token()];

and then in step 3 use this new token you got from Step 2 response.