I have a user authenticated in a laravel app. I have a third party app that needs to see if this user is authenticated in said laravel app. I see there is a cookie called laravel_session and the contents are something like:
eyJpdiI6ImZIdGo0XC9cL1I2RWpzOUppQmRqcTljNFZ0SFJNMTBrc3l5OTVIN12h3ks03RT0iLCJ2YWx1ZSI6InNMWXZCcm44N1pmVnpTWEU3WStEMTBNckJGUFdJVEJFY3lMWGNIdUVkS0p5RlwvNzJGVXVpVFEwZnNqSDdFc0c4d0hPOTIrSFA3UG1heFIxanZWWk1231209IiwibWFjIjoiYzc1MTQxNjEyMTU5MTdjZGE0NDYwOTY2OGExYTYxOTc0MjA5MmJhdsdhZDMwOGZjNmIzYjE0ZmQ4MDI3MjkwMCJ9
I see in the app/stoage/session directory, one file named 164d51a82e239ae352792311f24e29c3670bf027 which contains the correct serialized data for that user.
How do I associate the two without loading up any laravel classes/code? In other words, how do I find out which session file belongs to the user just by their cookie info?
Thanks!
Laravel automatically encrypts it's cookies with PHP's mcrypt extension.
You can try modify Laravel cookies implementation but this is not recommended.
Maybe writing an artisan command that uses the Encrypter class will be the solution, or just find another way to achieve your goal.
Related
i would like to redirect to a page outside from the typo3. is this possible because i donĀ“t find a input form to do that?
I have an external PHP application. This application may only be called after a successful login. Is it possible to bind the login data from felogin to a session that I can use in my PHP application? I need the login information in my PHP application. I would like to use the felogin logout mechanism in my external PHP application. Is that possible?
Regards
MS-Tech
Not by default.
The easiest way I can think of, if the external PHP application runs on the same domain, is to alter the PHP application to read the TYPO3 frontend user cookie (fe_typo_user) and get session (fe_sessions table) and frontend user (fe_users table) data from the database.
The cleanest way I can think of is to rewrite the external PHP application as a TYPO3 extension, but I'm assuming this would be too much work.
As for the log out, you can link to the TYPO3 login page and add ?logintype=logout to the URL.
The Problem
I want to clear all sessions for all users in my Laravel application.
What I have tried
I understand that Auth::logout() will log out a single user, but not all users. I have also tried deleting the session files from storage/framework/sessions. Neither have worked.
I am using the built in Authentication (e.g. Auth) and the file driver for sessions running Laravel 5.2.
How can I effectively force logout for all logged in users so they have to log in again?
It's worth noting that Laravel actually only stores active sessions in the session folder; those that are 'remembered' but haven't been actively accessing your application do not count among these sessions. As such, just deleting the files won't finish the job.
You must also clear all Remember Tokens from the users table, as this token is used in conjunction with the local token stored in the cookie to re-create the session when a user reconnects.
in app/session.php you can change cookie value, so user will automatically logout because of cookie is not match with the config
Simply regenerate the APP_KEY with following command.
php artisan key:generate
This will regenerate the APP_KEY, which will be used to encrypt and decrypt the cookies. Since it changes, all the cookies will be invalidated. Users has to login again.
Alternate:
You could also flush all cache by following command:
php artisan cache:clear
Due to a migration from silex to full stack symfony3, we have both systems running in parallel on the same host and domain with a switch in the frontend controller (index.php) based on $_SERVER['DOCUMENT_URI'] to decide which framework to bootstrap.
Now the intention is that both systems share the same session AND login/security token. Session data is stored in the Database and the session cookie could have the same name.
As both systems are based on the symfony security component, we thought this would be possible, but it seems that in the session/security token there is some information on the environment/path stored which seems to invalidate the login from one system to the other.
We manged to access the session from one system to the other "manually" by reading the cookie and accessing the database, but it is not working "out of the box". It looks like once the symfony side tries to access the session, we get logged out on the silex side.
Is it possible to configure or extend the security component in a way to make it possible that both systems can share the token "out of the box"?
Does it actually require to use the same "User" class? Because that is not what we are doing (but it seems the namespaced User class is inside the session)
I am using laravel 5.1 with Sentinel - Cartalyst auth driver. Problem is that Laravel can't "keep" users logged in. After some time (when they visit website) it automatically kicks them out with error that they are not logged in (I have filter that checks if user is logged in for every route expect login route). It really bugs me and I can't fix it.
I tried using cookies, file and database driver for keeping login sessions and they all fail.
Does someone knows how to deal with this problem? I am bulding project for Intranet users (under local domain)... Maybe that could be problem? Also I notice that cookies expiration time is current datetime that laravels sets for max expiration time.
Are you sure you imported the correct namespace path to Cartalyst? I had an issue with sessions not persisting and it was caused by importing the native php Cartalyst class rather than the laravel one. It should be something like Cartalyst\Sentinel\Laravel\Facades\Sentinel::class
I started to develop a web application as a major project for my degree. Purpose of app is not important. My problem is handling the login. I have no problem with setting up login with jQuery mobile, that is actualy working pretty well. Problem is I'm handling login with php script through ajax and creating session in that process. So for checking if user is logged in or not I'd normaly use a php script, but in this case I can't. I need to keep using only client side for authentication. What would be the solution for this? Can I handle authentication with some native jQuery functions or do I need to write some JS scripts? If anyone have any solution please I don't need actual code, just best solution. Thank you
You can achieve this as long as login authentication is restricted to the device. What I mean is that user-id / password combination can be stored locally on the device. You may choose local file system storage for this. Here are the steps:
1) Make user register with uid/password
2) Check uid is existing in your local storage. If not register by writing it to local storage.
3) Later when user returns, validate login credentials against the local store.
I assume you're developing a native app with a mobile web framework. In this case you have two choices:
POST the login details out to a server somewhere, authenticate and return the session, allowing the user access. This will obviously require internet access, but will be more secure.
Store the credentials in local storage using JavaScript when the user signs up. Encrypt this value and compare against it when the user logs in.