Laravel subdomain: single auth across all subs not working?

Question

I'm building a site with a dynamic subdomain system eg (name.domain.com). I'm using Ubuntu with laravel's serve command.

ive set it all up in my routes as so:

Route::domain('{x}.localhost')->group(function (){
    Route::get('/url/',  'SomeController@someAction')->middleware('can:xyz,x')->name('someName');
});

Now, everything works great, apart from the fact Auth is subdomain locked

eg(xyz.localhost:8000/ , localhost:8000/) require separate logins.

after a bit of googling I read, I can overwrite this in the config/session.php file under 'domain'. So in my .env file I set up a new var for SESSION_DOMAIN and point it to ".localhost" or ".localhost:800" or just for testing I get the same with the IP 127.0.0.1 / :8000 as suggested however when I try to login my session is not valid right after login eg( i log in and get redirected to the correct route but my auth catches that I'm not logged in)

session config

'domain' => env('SESSION_DOMAIN', null),

my .env

SESSION_DOMAIN=.localhost

It seems like no cookies are being set for some reason?

Should probably note this is happening using both files and the database for sessions, I've also cleared out my cache and session storage each time along with cookies, etc.

-- I've tried everything I can think of over the last few days to solve this with no luck. Even on a fresh install of laravel the same issue is there.

I can log in with FF on the main URL, but on the sub URL I'm not logged in and I get a 419 if I try.

Any suggestions? Kind regards, Matt

-Edit

To reproduce on a new install of laravel, first, install the auth package:

composer require laravel/ui

php artisan ui vue --auth
npm run dev

Next, edit your .env file with your Mysql database info and add this line to the file:

SESSION_DOMAIN=.localhost

Last of all add this to your web.php routes file.

Route::domain('{foobar}.localhost')->group(function (){
    Route::get('/test/',  'HomeController@index');
});

(i like to create an account here in the command line) Then push the default migrations and run the server and test by logging in on the home page and then any subdomain.

Answer 1

Well its because of the localhost domain, instead use virtual domain like something.test and then set SESSION_DOMAIN=.something.test and clear out cache. localhost and 127.0.0.1 are not same origin so cannot set session.