Fix Laravel 9 compatibility by checking sanctum attribute instead of session state

arukompas · arukompas · commit b11e530d3b8d · 2025-10-17T17:54:58.000+03:00
Changed 'authentication works when APP_URL matches request domain' test
to check for the 'sanctum' attribute instead of session state. The
session-&gt;isStarted() check behaves differently in Laravel 9's test
environment, causing false failures.

The sanctum attribute is set directly in the middleware pipeline and
is more reliable across Laravel versions for verifying the middleware
actually ran.
diff --git a/tests/Feature/Authorization/ApiAuthenticationTest.php b/tests/Feature/Authorization/ApiAuthenticationTest.php
@@ -49,9 +49,9 @@
 test('authentication works when APP_URL matches request domain', function () {
     config(['app.url' => 'http://example.com']);
 
-    // Auth callback that requires session to be started (proving session middleware was applied)
+    // Auth callback that checks for sanctum attribute (proving middleware pipeline ran)
     LogViewer::auth(function ($request) {
-        if (! $request->hasSession() || ! $request->session()->isStarted()) {
+        if (! $request->attributes->get('sanctum')) {
             return false;
         }
 
