Laravel session id changes with each request
You are right it is a security mechanism. To disable it for testing, in Kernel.php comment out this line:
\App\Http\Middleware\EncryptCookies::class
Then you will see the session ID in your cookie viewer and it doesn't change.
You can Google for HTTP encrypted cookies to learn about the practice. There is an ongoing debate if this old practice is necessary now that we use HTTPS on every website.
The same issue happened with me and it was later identified that I was using
protected $middleware = [ \Illuminate\Session\Middleware\StartSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class];protected $middlewareGroups = [ 'web' => [ \Illuminate\Session\Middleware\StartSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class ]]
in both $middleware and in $middlewaregroups because of which it was creating a new session id in movement between different routes.