laravel laravel-livewire laravel-jetstream laravel-filament filamentphp

Laravel Filament v3 automatic logout if SESSION_DRIVER=database

Problem:

I'm currently trying to implement filament v3 into my current laravel v10 project also using livewire v3.

After installing filament v3 as described in their installation guide I am able to see the filament login screen where I can log in under certain conditions:

The first login works with my already before existing user credentials just fine.
If I then get redirected to the default filament dashboard and want to click on "Dashboard" again I automatically get logged out and redirected to the filament login screen (This should not redirect me at all).
Also if I now want to log in again, the browser shows me a message saying "This page has expired. Would you like to refresh the page?"
If I now click refresh I'm trapped in a loop... I am now at the login screen again (not logged in).
The only thing to exit this loop is to manually refresh the page once more and try to log in again.
Then I'm back at the dashboard, getting logged out automatically again if clicking on "Dashboard" again as before.
The only way to stay logged in can be achieved if I check the checkbox "Remember me" before the first login.
Now I can stay logged in to the filament dashboard, but if I now click on "Log out" I get a "Laravel POST Error". 🙄
Also if I log in to my current app before and then try to access the filament dashboard I also immediately get logged out and redirected to the filament login screen...

What I tried so far:

I have already searched everywhere I could and found just a few people with the same or a similar problem:

This (https://github.com/filamentphp/filament/discussions/8574) is an discussion I found on the filament repo on github which represents my problem the best. If I change my SESSION_DRIVER to SESSION_DRIVER=file instead of SESSION_DRIVER=database everything works as expected but I can't find the solution WHY?!
I also ruled out I is a bug on a clean laravel v10 / filament v3 install. Here also everything works fine (Also with SESSION_DRIVER=database).

Things I also tested / resources I checked:

System info:

MacOS 14.3.1
PHPStorm 2023.2
Chrome 121.0.6167.160
Laravel 10.44.0
Livewire 3.4.4
Filament 3.2.34
PHP 8.1

EDIT:

I now found a solution to bypass the problem:

<?php

namespace App\Providers\Filament;

use Filament\Http\Middleware\Authenticate;
use Filament\Http\Middleware\DisableBladeIconComponents;
use Filament\Http\Middleware\DispatchServingFilamentEvent;
use Filament\Pages;
use Filament\Panel;
use Filament\PanelProvider;
use Filament\Support\Colors\Color;
use Filament\Widgets;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Illuminate\Cookie\Middleware\EncryptCookies;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
use Illuminate\Routing\Middleware\SubstituteBindings;
use Illuminate\Session\Middleware\AuthenticateSession;
use Illuminate\Session\Middleware\StartSession;
use Illuminate\View\Middleware\ShareErrorsFromSession;

class AdminPanelProvider extends PanelProvider
{
    public function panel(Panel $panel): Panel
    {
        return $panel
            ->default()
            ->id('admin')
            ->path('admin')
            ->login()
            ->colors([
                'primary' => Color::Rose,
            ])
            ->discoverResources(in: app_path('Filament/Resources'), for: 'App\\Filament\\Resources')
            ->discoverPages(in: app_path('Filament/Pages'), for: 'App\\Filament\\Pages')
            ->pages([
                Pages\Dashboard::class,
            ])
            ->discoverWidgets(in: app_path('Filament/Widgets'), for: 'App\\Filament\\Widgets')
            ->widgets([
                Widgets\AccountWidget::class,
                Widgets\FilamentInfoWidget::class,
            ])
            ->middleware([
                EncryptCookies::class,
                AddQueuedCookiesToResponse::class,
                // StartSession::class, -> just commented out this line
                AuthenticateSession::class,
                ShareErrorsFromSession::class,
                VerifyCsrfToken::class,
                SubstituteBindings::class,
                DisableBladeIconComponents::class,
                DispatchServingFilamentEvent::class,
            ])
            ->authMiddleware([
                Authenticate::class,
            ]);
    }
}

Now I'm not completely sure if this is okay to do.

What I've encountered before: Every time I go to the filament dashboard or am redirected to the filament login screen a new session entry get's generated in the database where the old one get's abandoned (not deleted as normally when logging out).

After commenting out StartSession::class in my AdminPanelProvider.php file this is no longer the case. Now every time I log in (or log out) the session get's updated (or deleted and a new one get's created).

Is this safe to implement like this? Also why is it working just fine if SESSION_DRIVER=file?

Solution

For anyone stumbling on to this question... I finally found a solution for my project.
Although it's very unlikely anyone else is experiencing the exact same issue I will still post my findings:)

For me the reason for the bug could be found in the app/Http/Kernel.php file.

The following changes fixed it for me:

A bit on the background:

The project was started with Laravel v7 and grew since then... Maybe those days the Kernel.php file looked different to the todays version or I just modified it some time ago.