Upgrading to Laravel 5.2 invalidates all sessions


Upgrading from Laravel 5.1.17 to 5.2. My config/auth.php originally contained:

'driver' => 'eloquent',
'model'  => 'Project\User',
'table'  => 'users',

New file is the same as the default, except with the updated namespace.

'defaults' => [
    'guard' => 'web',
    'passwords' => 'users',
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    'api' => [
        'driver' => 'token',
        'provider' => 'users',
'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => Project\User::class,

My env SESSION_DRIVER is redis. I did not clear anything from Redis. (Note, this also happened in my other projects where driver was file, but I didn't care about it as much for them.)

I have two branches, L5.2 and master (which is on 5.1.17). After switching branches, I simply run composer install

If I login on master, then switch to L5.2, I am logged out
If I switch back to master, I am logged back in
If I login on L5.2, then switch to master, I stay logged in
If I switch back to L5.2, I stay logged in

I'm hesitant to upgrade if it's going to invalidate all of my users' sessions and force them to login again. Is there a way to avoid this?

The only other files that were modified were composer.json, composer.lock, app/Exceptions/Handler.php, and config/app.php; nothing that touched Auth.




I figured out what is causing the session to be invalidated. The problem is the session guard's getName() method.

In 5.1.17:

return 'login_'.md5(get_class($this));

In 5.2 ($this->name would be web by default):

return 'login_'.$this->name.'_'.sha1(get_class($this));

Also, the class name itself changes from Guard to SessionGuard

If I replace this method with:

return 'login_'.md5('Illuminate\Auth\Guard');

That keeps my sessions logged in.

This is progress but not a complete solution yet. The real solution is to update all of your existing sessions with the new name. I'll work on a script to complete this and then update my answer.

source: stackoverflow.com