Laravel 7 Weird Logout Issue

- 1 answer

I have just finished a Laravel 7 app. Upon after finalising payments, I am now having weird issue. I send LOGGED IN USER to payment gateway, the user pays and gateway sends back the user to website as a POST request. But the website response action is never called. Since it is under auth middleware, the user is I don't know how LOGGED OUT and sent to the login screen instead.

The route definition is as follows:


Route::middleware('auth')->group(function () {

    // This sends the user to gateway
    Route::post('subscription', '[email protected]')->name('subscription.renew');

    // Gateway sends the user back here
    Route::post('subscription/process', '[email protected]')->name('subscription.process');

Inspecting network tab about hops is as follows:

POST http://localhost:8000/subscription -> 302 << gateway >>
<< gateway >> -> POST http://localhost:8000/subscription/process -> 302 http://localhost:8000/login

In the response where the app sends to http://localhost:8000/login, the headers have laravel_session cookie as required.

But the action http://localhost:8000/subscription/process is never called and user is logged out. Never had such issues upto Laravel 6 with same payment gateway.

Moreover, I also added below URL to VerifyCsrfToken middleware as at first, it was throwing 419.


namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
    protected $except = [

Can anybody shed some light on what could be the reason?



Found out! It was due to SameSite=Lax set by default in Laravel 7 session cookie as in commit.