mivita/dev/routes-optimization/AuthSessionDebugger.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Session;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;

/**
 * Debuggt Session-Änderungen vor AuthenticateSession.
 *
 * Diese Middleware läuft direkt vor Illuminate\Session\Middleware\AuthenticateSession
 * und überprüft, ob die Session-ID sich ändert.
 */
class AuthSessionDebugger
{
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next): Response
    {
        // Session-ID vor AuthenticateSession überprüfen
        $sessionIdBeforeAuth = Session::getId();
        $domainResolverSessionId = $request->attributes->get('domain_resolver_session_id');

        if (config('app.debug')) {
            \Log::channel('domain')->debug('AuthSessionDebugger: VOR AuthenticateSession', [
                'session_id_before_auth' => $sessionIdBeforeAuth,
                'domain_resolver_session_id' => $domainResolverSessionId,
                'session_consistent_with_domain_resolver' => $domainResolverSessionId === $sessionIdBeforeAuth,
                'session_started' => Session::isStarted(),
                'request_host' => $request->getHost(),
                'middleware_position' => 'Vor AuthenticateSession',
                'user_authenticated' => Auth::check(),
                'session_all_keys' => array_keys(Session::all())
            ]);
        }

        // Request weiterleiten (AuthenticateSession läuft hier)
        $response = $next($request);

        // Session-ID nach AuthenticateSession vergleichen
        $sessionIdAfterAuth = Session::getId();

        if (config('app.debug')) {
            \Log::channel('domain')->debug('AuthSessionDebugger: NACH AuthenticateSession', [
                'session_id_before_auth' => $sessionIdBeforeAuth,
                'session_id_after_auth' => $sessionIdAfterAuth,
                'session_changed_by_auth' => $sessionIdBeforeAuth !== $sessionIdAfterAuth,
                'domain_resolver_session_id' => $domainResolverSessionId,
                'request_host' => $request->getHost(),
                'user_authenticated' => auth()->check()
            ]);

            if ($sessionIdBeforeAuth !== $sessionIdAfterAuth) {
                \Log::channel('domain')->warning('🚨 AuthSessionDebugger: AuthenticateSession hat Session-ID geändert!', [
                    'session_id_before' => $sessionIdBeforeAuth,
                    'session_id_after' => $sessionIdAfterAuth,
                    'domain_resolver_session_id' => $domainResolverSessionId,
                    'request_host' => $request->getHost(),
                    'user_agent' => $request->userAgent(),
                    'possible_cause' => 'AuthenticateSession regeneriert Session bei Authentifizierungsproblemen'
                ]);
            }
        }

        return $response;
    }
}