Laravel authentication, I can't retrieve the logged in user

All we need is an easy explanation of the problem, so here it is.


Always returns false. It is weird as the login function redirects me to the $redirectTo url, so the attempt is successful, but after I cannot retrieve the user. I am using Laravel 5.2.14 and Xampp. I don’t know what else to write, since it is supposed to work out of the box.

This is the output of php artisan route:list

| Domain | Method   | URI           | Name | Action                                                | Middleware     |
|        | GET|HEAD | /             |      | Closure                                               |                |
|        | GET|HEAD | add           |      | Closure                                               | web,auth.basic |
|        | POST     | addclub       |      | App\Http\Controllers\[email protected]                    | web            |
|        | POST     | auth/login    |      | App\Http\Controllers\Auth\[email protected]    | web,guest      |
|        | GET|HEAD | auth/login    |      | App\Http\Controllers\Auth\[email protected]     | web,guest      |
|        | GET|HEAD | auth/logout   |      | App\Http\Controllers\Auth\[email protected]    | web,guest      |
|        | POST     | auth/register |      | App\Http\Controllers\Auth\[email protected] | web,guest      |
|        | GET|HEAD | auth/register |      | App\Http\Controllers\Auth\[email protected]  | web,guest      |
|        | GET|HEAD | delete/{id}   |      | App\Http\Controllers\[email protected]                     |                |
|        | GET|HEAD | details/{id}  |      | App\Http\Controllers\[email protected]                    |                |
|        | GET|HEAD | listofclubs   |      | App\Http\Controllers\[email protected]                |                |

My config/sessions.php:

return [

    'driver' => env('SESSION_DRIVER', 'file'),

    'lifetime' => 120,

    'expire_on_close' => false,

    'encrypt' => false,

    'files' => storage_path('framework/sessions'),

    'connection' => null,

    'table' => 'sessions',

    'lottery' => [2, 100],

    'cookie' => 'laravel_session',

    'path' => '/',

    'domain' => null,

    'secure' => false,


How to solve :

I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.

Method 1

Make sure that all your routes are included in the same “route group” and “prefix”

route::get('/','[email protected]'); /* this will not show your user because its an independent route  */


route::get('a','[email protected]');
route::get('b','[email protected]');
route::post('c','[email protected]');
route::get('d','[email protected]');
route::get('e','[email protected]');
route::get('f','[email protected]');
route::get('g','[email protected] ');
           /* a,b,c,d,e,f and g views will show your authenticated user */

Method 2

Make sure you register the login routes with the web middleware:

Route::group(['middleware' => ['web']], function () {
    //your routes here

Method 3

Use ‘auth’ middleware on your route. And you will be able to retrieve logged in user.

Method 4

As stated by your routing list, most of your routes arn’t part of the web middleware.

This middleware is responsible for bootstraping the cookies and the session. Without it, the session isn’t readed at all.

Because auth is based on session, the check return false if no session is found. It is an intended behavior

What you must do is to englobe all your routes in that snippet:

Route::group(['middleware' => ['web']], function () {
    //Your routes

If it doesn’t work, Can you please provide your routes.php along with your application Http/Kernel.php

Method 5

I just tried to reproduce this but wasn’t able to:

1. Setup Laravel

Steps done:

  1. Install Laravel 5.2.14
  2. Set up database and update configuration as mentioned in the question
  3. Run php artisan make:auth
  4. Run php artisan migrate
  5. Set up virtual host, opened the app and registered a new user (which was successful)
  6. Logged out and tried to login again, which was also successful. Auth::check() also returns the correct values.

2. Try to reproduce the error

I tried the following things to break the Auth to reproduce the problem:

  • Make /storage/framework/sessions/ unwritable
    This broke the application as an unwritable sessions folder will lead to broken forms because the CSRF token cannot be set.
  • Tried to change the configuration
    I changed various values in the sessions.php config file. Some changes either broke the complete application and didn’t even let me access the login form, or didn’t affected the login process.

Other questions regarding your app

  • Are there any files in /storage/framework/sessions/ after you tried to login?
  • Did you modified any Auth controller?
  • Do you use any packages that may mess up with the auth process?

Tips for debugging your app

I wasn’t able to reproduce the behavior of your app in any way. So there may be another problem that could also be related to XAMPP. As I’m on a Mac I can’t test this. I would recommend to try the following things:

  • Do composer update to update Laravel and all other core dependencies. There may be a bug in one of the dependencies or something went wrong with the setup.
  • Delete the Auth controllers and do a php artisan make:auth again
  • Setup Laravel again in another folder and try to login without making any changes to the login process or views. Just the basic setup. This may show if XAMPP is blocking anything that Laravel needs to correctly save the session.
  • Use a debugger to follow the auth process. This may show you where the login process “fails”.

Hope you can find this. Seems to be a very frustrating problem. I also searched in the Laravel forums but most of the prost regarding failing Auth::check() were not solved or were related to configuration issues.

Method 6

I had a similar issue and it was driving me insane for several days. It was a sample project that did not require authentication, but I wanted to make it anyway since it’s easy, and then it just didn’t work. Using file storage with correct permissions or database storage didn’t make any difference. I was also playing around with session config options but nothing helped there either.

All of my routes were wrapped into a group with web AND auth middleware. However, things did not work until I moved EncryptCookies, AddQueuedCookiesToResponse and StartSession middleware from web ($middlewareGroups) to $middleware in app/Http/Kernel.php. So, in the end, this is how it looked in the end:

protected $middleware = [
 * The application's route middleware groups.
 * @var array
protected $middlewareGroups = [
    'web' => [
    'api' => [

I didn’t bother to investigate the cause, I just let it be like this. Laravel version was v5.2.31.

Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply