From 274dac123fb3850c2d9e96803ea52d3f3eb69fe1 Mon Sep 17 00:00:00 2001
From: Daniel Klabbers <daniel+git@klabbers.email>
Date: Tue, 13 Jul 2021 00:32:13 +0200
Subject: [PATCH] fixes internal clients use of session

With remember from cookie, in certain edge cases, the middleware would
try to load a session which hasn't been instantiated as this middleware
is excluded for the client. Excluding the remember from cookie
middleware will resolve this as authentication is done using the
RequestUtil and ActorReference regardlessly.
---
 framework/core/src/Api/ApiServiceProvider.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/framework/core/src/Api/ApiServiceProvider.php b/framework/core/src/Api/ApiServiceProvider.php
index e95766cfb..15e4169c3 100644
--- a/framework/core/src/Api/ApiServiceProvider.php
+++ b/framework/core/src/Api/ApiServiceProvider.php
@@ -111,7 +111,8 @@ class ApiServiceProvider extends AbstractServiceProvider
                 HttpMiddleware\StartSession::class,
                 HttpMiddleware\AuthenticateWithSession::class,
                 HttpMiddleware\AuthenticateWithHeader::class,
-                HttpMiddleware\CheckCsrfToken::class
+                HttpMiddleware\CheckCsrfToken::class,
+                HttpMiddleware\RememberFromCookie::class,
             ];
         });