1👍
Your route is in api.php which is stateless and therefore does not recognise that any request is using a previously established session.
Move your endpoint into web.php file.
0👍
Both Back-end and front-end code should be on the same server and at the same port I think you are using Vue which is a front-end application which is communicating to the back-end via API. So instead, of session try using REST API or show me your code so that I can help you more about it
-1👍
CSRF is irrelevant, because it’s just protection mechanism – not identification (but you should fix it to not getting 419). When you make requests and PHP (laravel) handles it session_start called, which stores laravel_session cookie in the browser and somewhere at the server (in files or in dB).
Can’t give a clear answer, but you can debug it like this: go to the network tab in the developer tools and verify, that Axios actually sends session id. Token in the Blade view and token which sends Axios may be different. If Axios not sending token, laravel will initialize new (maybe problem here).