We should start resume the session with ApplicationSession before checking for Session keys in AllowAnonymous

bootstrap/app.php

@@ -16,8 +16,8 @@ return Application::configure(basePath: dirname(__DIR__))
 		$middleware->appendToGroup(
 			group: 'web',
 			middleware: [
-				AllowAnonymous::class,
 				ApplicationSession::class,
+				AllowAnonymous::class,
 				SwapinAuthUser::class,
 				ViewVariables::class,
 				CheckUpdate::class,