Laravel Session always changes every refresh / request in Laravel 5.4
Primary cause of this problem is laravel's inability to save session data on server side.
With file as session storage, it can be & usually is a permissions issue, [Check SELINUX if you are on centos], laravel (that means apache or nginx or whatever user your process runs with) should have read and write permission on the folder where session files are stored [That is usually project root/storage folder].
Another reason this can happen is when you are using database as a session storage and created sessions table manually and made the mistake of making id column of type bigint(20) or any other mismatching column.
That again means laravel couldn't store the session data. Check my detailed answer about that here https://stackoverflow.com/a/45340647/7260022
And the last point is about cookie and domain setting as mentioned above. Hope that helps to pinpoint the problem for anyone struggling with the issue in future.
I found the solution to this was 2 parts, not sure why it varied since it was the same OS and setup.
Step 1 make sure that COOKIE_DOMAIN is set properly and with no port numbers (Either in .env or directly in /config/session.php, whichever you use)
Step 2 make sure that the cookie name ( 'cookie' => 'whatever') inside of /config/sessions.php does NOT have an underscore in it. Laravel apparently has had issues with this.
We got threw this error too, and this is what seems to fix the problem :
• Check that your storage/ folder have the correct right
• Try to disable all the JavaScript in your pages (either by disabling it via navigator or inside the code) and make sure that 'http_only' => true,
• Try to use with and without HTTPS
• Make sure the SESSION_DRIVER variable is NOT null
• Try to switch between 'encrypt' => false, and 'encrypt' => true,
• Try to change the cookie name 'cookie' => 'laravelsession',
• Try either to set your SESSION_DOMAIN to your actual domain OR null
• Try to switch between 'secure' => env('SESSION_SECURE_COOKIE', false), and 'secure' => env('SESSION_SECURE_COOKIE', true),
After every step, this bug seems to be fixed, but somehow, the cookie still is not set in the navigator sometime until we use HTTPS on development too.
I am sorry not to be able to provide a 100% fix, but having the EXACT same issue, I wanted to share my experience with you.