I want to controll authentication with cookies. And In my browser working successfully. But When I tried to test with postman, Postman doesn't add cookie to new request.

1. step - I login and response header like that:

But the response cookies tab like that:

And manage cookies window like that:

2. step - I send a request to unprotected router and I get unauthorized error.

This error started today. I don't remember making any changes to the settings. Why Im getting this type error. How can I solve this?

I also had this problem, the fix is to remove the secure flag in the cookie when sending cookies from localhost as cookies set as secure can only be sent over HTTPS.

I had this issue when testing a local Laravel Sanctum request to /login.

I had the following .env values set

SESSION_DOMAIN=docker-api-service-name
SANCTUM_STATEFUL_DOMAINS=docker-api-service-name

However these needed to be set to localhost to match the domain of the APP_URL. After this, everything was working fine.

SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost

Someone mentioned that setting the secure flag to false will solve it, and it will. The explanation however was not entirely correct.

Secure will indeed only work over secure connections (HTTPS). However, it will also work over HTTP if it's done in localhost: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies

Setup your domain name inside the .env file

if you are on localhost add below

SESSION_DOMAIN=localhost

for custom domain (my domain name is qa_app.test)

SESSION_DOMAIN=qa_app.test

Note: if you are sending a request on an authenticated route where you are using Sanctum or passport middleware using Postman you need to use pass Referer.

Referer=localhost

it's identical for localhost or custom domain, in both conditions you need to pass localhost in the referer.

When you are in the web browser you don't need to pass the referer, it will be passed by web browser.