How to change the session cookie name between panels?

We have an app with 3 different admin panels each with their own auth guard. This is causing a problem if you login to 2 different panels on the same browser. It's fine if you clear cookies or go incognito.
I just need the session cookie to be named differently between the panels - can anyone suggest a method to achieve this?
1 Reply
acroninja
acroninjaOP8mo ago
I have tried with this middleware but the panel id always returns admin
class DynamicSessionCookie
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
if (function_exists('filament') && filament()->getCurrentPanel()) {
$panelId = filament()->getCurrentPanel()->getId();
$cookieName = Str::slug(config('app.name'), '_').'_'.$panelId.'_session';
config(['session.cookie' => $cookieName]);
}

return $next($request);
}
}
class DynamicSessionCookie
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
if (function_exists('filament') && filament()->getCurrentPanel()) {
$panelId = filament()->getCurrentPanel()->getId();
$cookieName = Str::slug(config('app.name'), '_').'_'.$panelId.'_session';
config(['session.cookie' => $cookieName]);
}

return $next($request);
}
}
On reflection this isn't working because I've put it in the web middleware before SessionStart, but at this point the filament panel hasn't been initialised so won't work. I've also tried putting it in the panel config middleware section
->middleware([
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
DynamicSessionCookie::class,
StartSession::class,
...
], isPersistent:true)
->middleware([
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
DynamicSessionCookie::class,
StartSession::class,
...
], isPersistent:true)
But this results in a redirect each time we login as not all requests are using this middleware - even with isPersistent set, so we end up with 2 different session cookies Next idea was to get the first segment of the url request, which for each panel is different, but all panels make a request to
/livewire/update
/livewire/update
which won't allow us to identify to which panel this request belongs. Hmmfff. Back to the drawing board. I suspect the only approach that will work is setting a different domain name per panel. This way the session cookies will be unique. Will report back with findings. Can confirm that having separate domain names for each panel solves the problem, and i think is a cleaner approach
Want results from more Discord servers?
Add your server