Laravel session cookies not persisting — possibly caused by Cloudflare layer on Koyeb

Category: Troubleshooting and help
Tags: laravel, cookies, session, cloudflare, cache


Hello everyone :waving_hand:

I’m hosting a Laravel application (called Syrios) on Koyeb, and I’m facing a persistent issue where session cookies are not being preserved between requests.


:puzzle_piece: Problem Description

  • On the first load, Laravel correctly sets both:
    • laravel_session
    • XSRF-TOKEN
  • But after any page refresh or POST request, those cookies disappear or are not returned by the browser.
  • As a result, Laravel loses the session context and CSRF protection fails.

When I check using:

curl -I https://syrios.koyeb.app/session-debug

I can see that my app sends the correct headers, including Set-Cookie and Cache-Control.
However, the response also includes Cloudflare headers such as:

cf-ray: ...
cf-cache-status: MISS
alt-svc: h3=":443"

This suggests that requests are passing through Cloudflare, even though I never configured Cloudflare myself.


:gear: Environment and configuration

Here’s my .env session configuration:

SESSION_DRIVER=cookie
SESSION_DOMAIN=.koyeb.app
SESSION_SECURE_COOKIE=true
SESSION_SAME_SITE=None

I’ve also tried forcing headers:

header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
header('Pragma: no-cache');
header('Set-Cookie: cross-site-cookie=whatever; SameSite=None; Secure');

But the issue persists — session data is lost on every new request.


:red_question_mark: My questions

  1. Does Koyeb’s Cloudflare layer interfere with Set-Cookie or Cache-Control headers?
  2. Is there a way to disable or bypass this internal proxy for a specific app or service?
  3. Has anyone else experienced cookie/session issues with Laravel (or other frameworks) on Koyeb?

:brain: Notes

This looks very similar to the behavior described in this thread:

“Is Cloudflare interfering with caching on Koyeb?”
where users noticed cf-cache-status: MISS and mismatched cache headers.
It seems to point to the same underlying network layer handling issue.


Thanks in advance for any help or clarification.
I’d really appreciate it if someone from the Koyeb team could confirm whether Cloudflare modifies cookie headers or if there’s a configuration to preserve session cookies untouched.


David Costa
Powered by Syrios
https://syrios.koyeb.app
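
Added example, not part of the original post: a Python check of Set-Cookie lines against the rules under which a browser discards a cookie regardless of any proxy in front of the app (RFC 6265 public-suffix and domain matching, SameSite=None requiring Secure, and the roughly 4 KB size limit that matters with SESSION_DRIVER=cookie). The sample headers and the PUBLIC_SUFFIXES set are constructed; that koyeb.app is on the Public Suffix List is an assumption to verify at publicsuffix.org.

```python
MAX_COOKIE_BYTES = 4096  # approximate per-cookie limit applied by browsers

# Constructed stand-in for the Public Suffix List. Treating koyeb.app as a
# public suffix is an assumption; verify it against the real list.
PUBLIC_SUFFIXES = {"app", "com", "koyeb.app"}

def parse_set_cookie(line):
    """Split one Set-Cookie value into (name, value, attrs); attr keys lowercased."""
    parts = [p.strip() for p in line.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def rejection_reasons(line, request_host, public_suffixes=PUBLIC_SUFFIXES):
    """Return the reasons a browser would drop this cookie (empty list = kept)."""
    _name, _value, attrs = parse_set_cookie(line)
    host = request_host.lower()
    domain = attrs.get("domain", "").lstrip(".").lower()
    reasons = []
    if domain and domain in public_suffixes and domain != host:
        reasons.append(f"Domain={domain} is a public suffix")
    elif domain and host != domain and not host.endswith("." + domain):
        reasons.append(f"Domain={domain} does not match host {host}")
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        reasons.append("SameSite=None without Secure")
    size = len(line.encode())
    if size > MAX_COOKIE_BYTES:
        reasons.append(f"cookie is {size} bytes, over {MAX_COOKIE_BYTES}")
    return reasons

# Constructed sample headers, shaped like the .env settings in the post.
SAMPLE = [
    "laravel_session=eyJpdiI6; path=/; domain=.koyeb.app; secure; httponly; samesite=none",
    "XSRF-TOKEN=eyJpdiI6; path=/; secure; samesite=none",
    "cross-site-cookie=whatever; SameSite=None",
]

if __name__ == "__main__":
    for line in SAMPLE:
        verdict = rejection_reasons(line, "syrios.koyeb.app") or "accepted"
        print(parse_set_cookie(line)[0], "->", verdict)
```

To run it on real output, pass each `set-cookie:` value from the `curl -I` response to `rejection_reasons` together with the host that was requested.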