We Keep Coding

Laravel Session::token keeps changing in every request when not using https://

I have read almost 100+ questions in stackoverflow about this. But nothing helped me.
My problem:
Laravel Session::token is re-generated in each HTTP request when I upload my app in my shared hosting. The app works fine when the domain has https://. But if I load the app using http://, no forms work (shows 419 Page Expired). The app also works fine in my localhost (Windows 10 with apache server) even though it's also http://localhost.
I can simply force to HTTPS using .htaccess to ignore the issue. But I want my app to be functioning in non-SSL domains also.
If I hit https://example.com/ 10 times, dd(Session::token()); returns the same token xZYdXs5UuXUSCZ5wHGELad9GuqjimkrPhMlsMepE every time.
And if I hit http://example.com/ 10 times, dd(Session::token()); returns different random tokens each time.
My Hosting Server: Litespeed
Laravel Version: 6.2
PHP Version: 7.4
.env file
SESSION_DRIVER=file
SESSION_LIFETIME=120
config/session.php file
use Illuminate\Support\Str;
return [
'driver' => env('SESSION_DRIVER', 'file'),
'lifetime' => env('SESSION_LIFETIME', 120),
'expire_on_close' => false,
'encrypt' => false,
'files' => storage_path('framework/sessions'),
'connection' => env('SESSION_CONNECTION', null),
'table' => 'sessions',
'store' => env('SESSION_STORE', null),
'lottery' => [2, 100],
'cookie' => env(
'SESSION_COOKIE',
Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
),
'path' => '/',
'domain' => env('SESSION_DOMAIN', null),
'secure' => env('SESSION_SECURE_COOKIE', false),
'http_only' => true,
'same_site' => null,
];
Permission:
/storage 0755
/storage/framework/sessions 0755
Please let me know if I should share any relevant information to make the issue more clear.
Thank you.

Laravel 4.2 behind ELB - Sessions not working

I'm running Laravel 4.2 with database session storage.
My application is running behind a Load Balancer.
When only one instance is running, my application works fine.
Then if i enable a second instance my application stops working.
My application adds a session to the database on almost every pageload, and i can't write/read sessions (and can't login).
Here is my session config
return array(
'driver' => 'database',
'lifetime' => 1440,
'expire_on_close' => false,
'files' => storage_path().'/sessions',
'connection' => "mysql",
'table' => 'sessions',
'lottery' => array(2, 100),
'cookie' => 'ycrm_session',
'path' => '/',
'domain' => null,
'secure' => false,
);
My sessions table looks like this
Have anybody experied that issue before?

I found the problem.
I'm using forge to manage and deploy my application. When i deploy my code its running composer install and its seems to edit my config/app.php .
I just redeployed my config/app.php and its starts working.

Setting up a local version of site: config settings/issues

I've been attempting to set up a version of my website on my computer so that I stop making live updates on my website. The website runs on a PHP based CMS.
I posted a question earlier: mysql connect - Moving my website to a local host
The question was about mysql-connect - the outcome was that I connected my database to my localhost as opposed to the current live host.
Now, the local version of my site loads except all styling is gone and the nav links do not work. I suspect the answer may be to do with the same file I edited in the question above: application/config/database.php
Here is what the code looked like originally:
$config['default'] = array(
'benchmark' => TRUE,
'persistent' => FALSE,
'connection' => array(
'type' => 'mysql',
'user' => 'mywebsite',
'pass' => 'somestringoftext',
'host' => 'mywebsitecom.fatcowmysql.com',
'port' => FALSE,
'socket' => FALSE,
'database' => 'mywebsiteDB4',
Then I changed it to this:
$config['default'] = array(
'benchmark' => TRUE,
'persistent' => FALSE,
'connection' => array(
'type' => 'mysql',
'user' => 'root',
'pass' => '',// Since it's on local host there is no password right now
'host' => 'localhost',
'port' => FALSE,
'socket' => FALSE,
'database' => 'mywebsite',//this is what I called the DB I created and imported to in PHPmyadmin
It may be that this all looks correct and the issue lies elsewhere. I have a suspicion that it could be to do with the .htaccess file as, when I initially set up the site, I had issues with that, except all I had to do was set permissions. Thing is, the way the local version appears right now is very similar to how it looked when the .htaccess file was not "working".
I realize that I've just dropped a bunch of code and said "help"! I'm really stuck on where to look next. If anyone does have any ideas I'd be grateful to hear them. If any further info could help anyone with suspect ideas please let me know and I'l update.

If site loads and you can see at page data taken from database, it means, what you DB connection is OK.
Since you can't see styling and menu not works, it means what you .JS/.CSS files not loaded correctly from you local server.
You can use addon FireFox called FireBug and here "Net" tab, to see which files loaded correctly and which not. For not loaded files you will need or change path to include it in you HTML file or change files location in you local filesystem

Error in cURL request: name lookup timed out

I wrote some code that fill a login form and submit it via post method. Like:
$config = array(
'adapter' => 'Zend_Http_Client_Adapter_Curl',
);
$this->siteObj = new Zend_Http_Client('http://example.com', $config);
$this->siteObj->setCookieJar();
$this->siteObj->setUri('http://example.com/login');
$this->siteObj->setParameterPost( 'data[User][name]', 'user' );
$this->siteObj->setParameterPost( 'data[User][password]', 'password' );
$response = $this->siteObj->request('POST');
its works fine, but some times this error occur:
Error in cURL request: name lookup timed out
Error: An Internal Error Has Occurred.
whats the problem? what can I do to solve it?

I encountered the same problem:
From the shell, curl worked.
From the shell, the PHP script worked.
PHP could not ping the website.
The DNS config was right.
After restarting Apache, it worked. So strange.

It can be a timeout problem.
Try adjusting the connection timeout:
$config = array(
'adapter' => 'Zend_Http_Client_Adapter_Curl',
'timeout' => 100
);
you can also set single curl options:
$config = array(
'adapter' => 'Zend_Http_Client_Adapter_Curl',
'curloptions' => array(
CURLOPT_USERAGENT => 'Zend_Curl_Adapter',
CURLOPT_HEADER => 0,
CURLOPT_VERBOSE => 0,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_TIMEOUT => 10,
CURLOPT_SSL_VERIFYPEER => false,
),
);
If you find out that it is a timeout issue, I would not suggest to increase too much the timeout parameter, but rather to make a for loop with a number of retries.

It means that your DNS server failed to return a response in time. Check your DNS configuration (e.g. /etc/resolv.conf on Linux), and make sure they are alive and functional. Also try to ping the host in the URL from the same sever to get an idea whether the problem only in PHP or the any application running on the server (more likely).

Disable certificate verification in PHP SoapClient

Summary:
Is there a way to force the built in SoapClient-class in PHP to connect over HTTPS to a server with an invalid certificate?
Why would I want to do that?
I have deployed a new application on a server that has no DNS entry or certificate yet. I want to try connecting to it with a SoapClient before setting up the DNS entry and fixing the certificate, and the most reasonable way to do this seems to be to just make the client ignore the certificate during testing.
Don't I realise that this is a huge security risk?
This is only for testing. When the service goes into production, there will be a valid certificate in place, and the client will be forced to validate it.

SoapClient takes a stream context in its parameters, which you can create yourself. That way you can control almost every aspect of the transport layer:
$context = stream_context_create([
'ssl' => [
// set some SSL/TLS specific options
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
]);
$client = new SoapClient(null, [
'location' => 'https://...',
'uri' => '...',
'stream_context' => $context
]);
Documentation:
stream_context_create() Docs
HTTP context options Docs
SSL context options Docs

The accepted answer works but only in the non-WSDL mode. If you try to use this in the WSDL mode (i. e. you pass a WSDL file url as the first argument) you will face the fact that the stream context is ignored when downloading WSDL files. So if the WSDL file is also located on a server with broken certificate, it will fail, most likely throwing the message failed to load external entity. See more here and here.
As suggested, the simplest way around is to download the WSDL file manually and pass the local copy to the SoapClient. You can download it for example with file_get_contents using the very same stream context from the accepted answer.
Note that you will also have to do this when creating a SoapServer.

The correct list for PHP 5.6.8 is
'ssl' => array('verify_peer_name'=>false, 'allow_self_signed' => true),

"verify_peer"=>false,
"verify_peer_name"=>false,
This is working on php 5.6.x;
$arrContextOptions=stream_context_create(array(
"ssl" => array(
"verify_peer" => false,
"verify_peer_name" => false,
)));
$this->client = new \SoapClient("https://tests.com?WSDL",
array(
//"soap_version" => SOAP_1_2,
"trace" => 1, // enable trace to view what is happening
"exceptions" => 0, // disable exceptions
"cache_wsdl" => 0, // disable any caching on the wsdl, encase you alter the wsdl
"stream_context" => $arrContextOptions
)
);
or if you want you can add to cyrpto method
$arrContextOptions=stream_context_create(array(
"ssl"=>array(
"verify_peer"=>false,
"verify_peer_name"=>false,
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
));