implementing PHP session management across multiple subdomains in Laravel 9
I keep running into I'm following best practices but I'm having trouble maintaining user sessions across multiple subdomains in my Laravel 9 application. My app is hosted on `example.com`, and I have subdomains like `api.example.com` and `admin.example.com`. I've configured session settings in `config/session.php` to use cookies with the domain set to `.example.com`, which should ideally allow sharing sessions across these subdomains. Here's what I've tried: 1. Set the `domain` option in `config/session.php`: ```php 'domain' => '.example.com', ``` 2. I also made sure to set the `secure` option to `true` in case the application is served over HTTPS: ```php 'secure' => true, ``` 3. Cleared the cookies from my browser multiple times to ensure I'm not working with stale session data. However, whenever I try to access `api.example.com`, it doesn't recognize the session that was established on `example.com`. I see the `PHPSESSID` cookie being set, but it seems to be empty. I've checked the browser's developer tools, and I'm not seeing any associated session data. Additionally, I'm getting the following behavior in my logs when I try to access the API: ``` Illuminate\Session\TokenMismatchException: The session store is not available. ``` Could this be related to CSRF protection or something else in Laravel? Any insights or tips on how to resolve this session sharing scenario would be greatly appreciated! I'm coming from a different tech stack and learning Php. Thanks for any help you can provide! I'm working with Php in a Docker container on Ubuntu 22.04. Am I approaching this the right way?