can anyone teach me why i cant authenticate my laravel session iny my localhost? (database driven!)
Im actually using the auth service from breezer.
**
my first question is: is it possible to auth a user on a localhost by laravels sessions authentication? For me it worked only in production.
My Frontend goes with Angular.
My trys to authenticate and log the user with:
Auth::guard('api')->check()
Auth::guard('web')->check()
Auth::guard()->check()
failed all, f.E gives me a null error.
auth defaults runs on:
defaults' => [
'guard' => 'api',
'passwords' => 'users',
],
my ENV datas looks like:
SESSION_DRIVER=database
SESSION_LIFETIME=180
SESSION_DOMAIN=localhost:4200
APP_URL=localhost:8000
APP_ENV=local
Related
I'm working on a Laravel project and I want to use Redis to store session data for improved performance. I have set up Redis correctly and it's working fine with basic functionality. However, I'm having trouble getting the auth::attempt function to work with Redis.
Here's my current auth::attempt code:
if (Auth::attempt(['email' => $email, 'password' => $password])) {
// User authentication successful
} else {
// User authentication failed
}
This works fine with the default session driver in Laravel, but I want to use Redis for better performance. I have tried changing the SESSION_DRIVER variable in my .env file to 'redis' and set the Redis connection in config/database.php, but I'm still getting an authentication error.
I'm not sure what I'm missing. Can anyone help me understand how to use Redis with auth::attempt in Laravel? Thanks in advance!
When using Redis for session storage in Laravel, you need to ensure that your Redis server is running and that your Laravel application is configured to use Redis as the session driver.
To set Redis as your session driver, you can change the value of the SESSION_DRIVER variable in your .env file to redis. You can also configure the Redis connection in the config/database.php file. Here's an example configuration:
'redis' => [
'driver' => 'redis',
'connection' => 'default',
'table' => 'sessions',
'expire_on_close' => false,
],
Once you've configured Redis as your session driver, you can use the Auth::attempt method as usual. However, if you're still encountering authentication errors, there are a few things you can try:
Make sure your Redis server is running and accessible from your
Laravel application.
Check your Redis configuration in the config/database.php file to
ensure that it's set up correctly.
Clear your Laravel application's cache using the php artisan
cache:clear command.
Check your Redis server's logs for any errors or issues that might
be causing the authentication failures.
There are loads of posts around the Internet related to this so I apologise if I've missed the answer here, but I seem to be going round in circles even after looking at all the existing answers. I'm clearly overlooking something.
I have a Laravel app which was recently upgraded from 6 to 8 which is being served locally under api.company-name.local. I also have a separate Vue front-end SPA being served under app.company-name.local:8080. I seem to get a successful response after getting the cookie, however when I hit my login endpoint I get a 419 - CSRF Token Mismatch response.
Setup
The Laravel app sits containerised locally with Docker, front-end simply being served up with npm run serve and I have entries in my hosts file for:
127.0.0.1 api.company-name.local
127.0.0.1 app.company-name.local
Front-End
I make a request to api.company-name.local/sanctum/csrf-cookie from within the front-end app which returns a 204 response, and then make a POST request to my login endpoint to authenticate the user.
const login = async () => {
await axios.get('/sanctum/csrf-cookie')
.then(() => {
axios.post('/loginUser', {
username: 'my-username',
password: 'my-password',
})
})
}
Observing the login POST request, I can see two cookies being sent in the request headers.
In my main.ts file I have configured the following axios defaults:
axios.defaults.withCredentials = true
axios.defaults.baseURL = 'http://api.my-company.local'
Back-End
I have updated my .env file to the following:
SESSION_DRIVER=cookie
SESSION_DOMAIN=app.company-name.local (have also tried .company-name.local)
SANCTUM_STATEFUL_DOMAINS=app.company-name.local:8080
I have added the appropriate middleware to the kernel:
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
My cors.php file is updated with these details:
'paths' => [
'api/*',
'sanctum/csrf-cookie',
'/loginUser',
'/logout',
],
'supports_credentials' => true,
When the user hits that login endpoint they'll hit this particular route setup, which uses the web middleware:
Route::group([
'module' => 'Users',
'middleware' => ['web'],
], function () {
Route::post('/loginUser', 'UsersController#login');
});
It doesn't seem to matter what I change here, I still end up with the 419 so I'm missing something here. Can anyone shed any light on what the problem could be?
i have a laravel application on version 5.7 . the problem is that my api is being called from outside of my server and people can easily call my api and send SMS and cause my some amount of charge . now what I want to do is that prevent the api from all locations to be called just my own server . I heard that laravel 7 has the cors configured but I wanted to know if there is any way for laravel 5.7 to do that . i have throttle for my api but it seems that its not working or the atacker changes the ips of servers .
so here is my kernel.php :
'api' => [
'throttle:1000,1',
'bindings',
],
'apiThrottle' => [
'throttle:4,10',
],
];
You can install https://github.com/spatie/laravel-cors/ package. That will create a file called cors.php under config folder. Follow all the setup instructions, are few.
There you can specifiy which origins are allowed (example)
'allow_origins' => [
'http://127.0.0.1/*',
'https://127.0.0.1/*',
'http://localhost/*',
'https://localhost/*',
],
I am using laravel's (6.2) default auth for user authentication. In my login form when I hit the default login route('login') provided by laravel it is showing me the wrong credential provided error though my credentials are correct. I used a seeder to generate my first user(default user for the site) and used the global bcrypt() (also tried Hash::make()) method to hash my password. I am using 'file' session driver which comes default too.
The most interesting part is that when I fire the php artisan migrate:fresh --seed command or php artisan migrate following by php artisan db:seed command, the auth works fine for the first time, That means when I try to log in immediately after firing those command the auth works fine till logout. But after that, when I do log out manually or session turns invalid, I can't login even though my credentials are correct. Any solution for that?
For seeder reference here what I applied to make the default user
\App\User::create([
'name' => "John Doe",
'email' => 'john#example.com',
'password' => Hash::make('password')
]);
Do you check as Hash::check(normal_password,hashed_password); in login function?
I encounter issues with the database driver in order to store sessions cookies:
The database connection is currently working but cookies are not set in the browser however session data are in my database.
I have run:
php artisan session:table
Set database session in my .env file:
SESSION_DRIVER=database
Bellow the config/session.php file:
[
'driver' => env('SESSION_DRIVER', 'file'),
'connection' => 'mysql',
'table' => 'sessions',
]
EDIT 1:
The route in web.php:
Route::group(['domain' => GetDomainInfo::GetDomainName(), 'middleware' => 'web'], function () {
Route::get('/', "HomeController#index");
});
Solved issue by :
I have created for example a localhost domain: webcv by adding to my hosts file:
127.0.0.1 webcv.local
127.0.0.1 admin.webcv.local
Set the session domain to : .webcv.local in config/session.php like so:
'domain' => env('SESSION_DOMAIN', ".webcv.local"),
Or just by adding in the .env file:
SESSION_DOMAIN=.webcv.local
Now I can access to both webcv.local and admin.webcv.local with the same cookie.
When you work with the database driver for sessions, you have to create the session table.
I'll assume you already scaffold the native authentication system by doing php artisan make:auth and migrated the migrations.
So first you generate the migration, and then migrate:
php artisan session:table
Execute the migration:
php artisan migrate
Obviously, this won't work if the routes you're checking on, aren't using the web middleware.
If you're not registering the routes in /routes/web.php, then you have to manually specify the web middleware for them. Either in your controller's constructor, or directly in the route itself.
Edit after fix for future reference:
Also, check your domain in config/session.php is the same you're using in development or production, depending where you are working on.