I had an application made with Laravel 5.3 that was running fine, but after upgrading to Laravel 5.4, every time we authenticate, it goes fine and we have access to user information:
{"id":X,"name":"Foo","email":"foo#bar.com", . . .}
The thing is, it is not really logged in as when we want to access a protected view that this user would have access to, it redirects on the login page.
I checked a fresh install of Laravel 5.4's methods of authentication and can't find any difference between my application and this fresh 5.4 application.
So if someone could tell me where this problem comes from, it would be really helpful,
Thanks.
EDIT : It seems that the Auth()->user() gets null value while in the middleware that protects the routes.
I found what went wrong, but didn't write the answer here.
What was actually happening is that it seemed that session cookies had the encrypt config option set to false, but it was needing the EncryptCookies middleware, which was missing.
The Problem:
After successful initial "csrf-cookie" and "login" requests, the authenticated user seems to disappear from the session on all subsequent requests.
$request->user() and Auth::user() and auth()->user() all return null.
$request->session()->all() returns just a "_token" field, and $request->session()->has('users') and $request->session()->has('user') both return false.
Context:
This only occurs on my production server (I've tried both a Laravel Forge server and my own server with setting up Nginx manually).
This is a SPA backend, using Laravel 8. Using Laravel's built in Sanctum authentication. Using database session driver (although I've tried all the others, the driver does not seem to be the issue, and I can see the sessions in my database).
My session config currently (although I have tried other configs to no avail):
same_site = 'none'
domain = null
secure = true
http_only = true
What I've Tried:
Countless Google searches, have not found any issues or solutions that seem to apply to my situation.
I have tried digging into the session and request objects immediately before and after the problem occurs (as described in the problem section) and have not gotten any useful information that way.
I have tried playing around with the session config... changing the "same-site", "secure", etc. variables.
I have found the problem, turned out to be extremely simple/silly: I had to add the \Illuminate\Session\Middleware\AuthenticateSession::class middleware to my route (specifically for me, in this case it was to the 'api' middleware group).
I had some very simple code on a website to handle logins on the root of the site using ion_auth:
if(!$this->ion_auth->logged_in())
{
    redirect("/login");
}
That page posts to /auth/login, which is handled by ion_auth. If the login is successful, the user is redirected to the root of the site. Otherwise, they go back to /login to try again. I initially thought I'd forgotten the password, but with a series of var_dump() calls, I found that the login is successful, but the call to $this->ion_auth->logged_in() returns false anyway.
All of this is after the host upgraded to PHP 7 - the code worked before. I've tried upgrading ion_auth, but it didn't help.
There were session-related problems in early CI 3.x versions, documented here and here.
Several session-related issues were resolved in the latest versions; see the change logs.
Solution: update to CI 3.1.7 (latest version as of writing).
Upgrading From a Previous Version
I haven't seen this kind of strange situation. When Auth login does not work, I delete all cookies on Chrome, and I log in successfully. Laravel auth makes me crazy. Sometimes log-in works well, sometimes it doesn't.
It's not "Chrome Cookies", it's Laravel Cookies that can cause problems. There can be multiple reasons and you need to debug your code to find the root cause, but the most common is a faulty AuthRedirectMiddleware. This middleware is supposed to redirect users to a /dashboard or /home page by default if they are already logged in based on either the session or the cookies.
So once you log in and don't log out properly and try to log in again, you may get unexpected behavior.
To properly debug your code, review everything in the routes, controllers and Auth related middlewares. Try disabling as much code as possible to get the minimum working code which gives you error and that way you can catch the bug causing it.
Let me know in the comments if you require further help.
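One way to do the debugging suggested above, as an added example that is not code from any of the posts: a temporary middleware that records, before and after each request, whether the session cookie arrived, which session it resolved to, and whether a user is authenticated. The class name TraceAuthSession and the log field names are assumptions; register it at the end of the 'web' group so it runs after the cookie and session middleware.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;

// Hypothetical debugging middleware; remove it once the cause is found.
class TraceAuthSession
{
    public function handle($request, Closure $next)
    {
        $cookieName = config('session.cookie');

        // State as the request enters the application.
        $before = $this->snapshot($request, $cookieName);

        $response = $next($request);

        // State after controllers and views have run.
        $after = $this->snapshot($request, $cookieName);

        Log::debug('auth-session trace', [
            'path'   => $request->path(),
            'before' => $before,
            'after'  => $after,
        ]);

        return $response;
    }

    private function snapshot($request, $cookieName)
    {
        $sessionId = $request->hasSession() ? $request->session()->getId() : null;

        return [
            // Did the browser send the session cookie at all?
            'cookie_sent'   => $request->cookies->has($cookieName),
            // Truncated hash only: a raw session ID in a log file is a credential.
            'session'       => $sessionId ? substr(hash('sha256', $sessionId), 0, 12) : null,
            'authenticated' => Auth::check(),
            'user_id'       => Auth::id(),
        ];
    }
}
```

If cookie_sent is false on the request after login, look at the cookie's domain, secure and same_site settings; if it is true but the session hash changes on every request, the cookie is arriving but not being read back. An authenticated value that flips from true to false within one request means something executed during that request logged the user out.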
My Stack:
Laravel Version: 5.3.9
PHP Version: 7.0.8
Database Driver & Version: MySQL Ver 14.14 Distrib 5.7.15
Redis
I am using the Laravel auth:make scaffolding and when I login I am redirected to the correct page, but when I try to navigate to another page, I am redirected to login. I take a look at the debugbar and for the web routes auth, it says that I am logged in as a guest.
I created a route at /test-login that has this code:
Auth::attempt(['email' => 'email#email.com', 'password' => 'password']);
and I am logged in until I go to another page. For some reason, the session doesn't seem to be persisting for authentication. However, it appears that tokens are persisting in the session.
I tried installing a fresh copy of Laravel and moving all of the files that I edited over to that install and it still doesn't work, so it must be something in one of my files, I just can't figure out what. I also uninstalled predis/predis because that was around the time I noticed some issues - no luck. For the session, I now have it using file instead of Redis. Any ideas?
Steps To Reproduce:
Login from the /login path
I am redirected to the correct page upon successful login
I try and navigate to another page
I am redirected back to login
I finally found it... Dumb mistake on my part. For the logout link in my nav partial, I had
{{ Auth::logout() }}
Which logged me out since every page included the nav partial. Well... it happened and I spent too much time looking for it too.
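The mistake described above next to a logout link that only acts on a deliberate POST, as an added example that is not the poster's code. The partial's path, the /logout route and the logout-form id are assumptions modelled on Laravel's auth scaffolding.

```php
{{-- resources/views/partials/nav.blade.php (illustrative path) --}}

{{-- Before: Blade evaluates the expression while rendering the template,
     so every page that includes this partial ends the user's session. --}}
{{ Auth::logout() }}

{{-- After: rendering has no side effect. Logout happens only when the form
     is submitted, as a POST carrying the CSRF token, so a plain GET or a
     link embedded on another site cannot log the user out. --}}
@if (Auth::check())
    <a href="{{ url('/logout') }}"
       onclick="event.preventDefault(); document.getElementById('logout-form').submit();">
        Logout
    </a>

    <form id="logout-form" action="{{ url('/logout') }}" method="POST" style="display: none;">
        {{ csrf_field() }}
    </form>
@endif
```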
I am using Laravel 5.1 with Sentinel - Cartalyst auth driver. Problem is that Laravel can't "keep" users logged in. After some time (when they visit the website) it automatically kicks them out with an error that they are not logged in (I have a filter that checks if the user is logged in for every route except the login route). It really bugs me and I can't fix it.
I tried using cookies, file and database driver for keeping login sessions and they all fail.
Does someone know how to deal with this problem? I am building a project for Intranet users (under a local domain)... Maybe that could be the problem? Also I notice that the cookie's expiration time is the current datetime that Laravel sets for max expiration time.
Are you sure you imported the correct namespace path to Cartalyst? I had an issue with sessions not persisting and it was caused by importing the native php Cartalyst class rather than the laravel one. It should be something like Cartalyst\Sentinel\Laravel\Facades\Sentinel::class