I'm trying to create a simple logging app with express-session, connect-mongodb-session and apollo-server-express and apollo-client for UI.
Here is my login function:
Here I'm finding session from the context to use it for protected routes in UI:
It works on GraphQL Playground:
And I can store cookie on UI as well:
Here is UI code:
The problem is that after refresh, cookie does not diaper, but ItIsMe querie does not work as intended.
Meaning when I'm requesting ItIsMe querie it returns null unlike GraphQL Playground behavior
If anyone knows where the problem could be, please help me out. Thanks.
The issue was an SSR on client side.
https://github.com/apollographql/apollo-client/issues/10311
Related
Using a Laravel backend and sanctum for handling the PAT's
Main issue is that the gSSp runs before the react tree so im not able to access the localstorage or the context...
Tried using axios interceptor but not sure how to use it properly.
Yes i'm aware that it shouldn't be stored in the local storage, its a graded project and I needed to at least let it seem functional for presentation. But it needs to be hosted today and that's my main issue with identifying different users...
Any help would be appreciated...
Discord : Prøxïmïty#1506
When I upload a file through my app that uses Spring framework and spring security, it sends a CSRF token in the request through Spring to prevent CSRF. This token does not seem to be generated as it's left out of the request URL in Firefox. Again, this is happening in Firefox only. Does anyone have any experience with this and/or have any insight as to why this is happening? I've tried accepting cookies from this website in the browser and doing a few hacks in my code to allow it, but none of it seems to work. Thank you.
In case anyone is wondering, it turns out that my async call to retrieve a new CSRF token wasn't firing on time and the form would post without it, hence causing this error message from Spring. Check if you're posting the form prematurely if you're getting this error.
I'm learning both Sails and Vue.js and making a full REST app to do that.
So far from now, I've made a multi-step sign-up page in Vue which is working fine and POST all needed informations in my different Controllers in Sails, it also creates the user.
Now, I'm working on my login page. Again, no problem to PUT informations in my Login Controller and I receive an OK (200) response which let me know the user is logged on my backend server.
Now, I would like to understand how I could keep the information the user is logged-in my server and let him access to private content on my front-end app -> securely. I have understood that Sails use Sessions (alias of cookies ?). Also in the common example on the web, people tend to use JWT which transmit a crypted JSON between the two environnement (and so desactivate the cookies ?).
So, could you please give me a semantic explanation on how I can make both app exchange securely and manage it in Vue Js. I just need some "track" to follow.
SOLUTION
For those who like me are blocked at this initial step, I resolved my problem this way.
1) My backend Sails app generates a JWT (token) on each login.
2) My frontend Vue app stores that information thanks to Vuex and set the header of each request with an Authorization parameter composed of : 'Barear ' + token.
3) All frontend resquests to any Sails controller are verified thanks to a Policy which compares the token in the header of the request with the one generated at the first step.
Now I just wonder if using built in sessions in Sails is relevant or not.
I am working on Laravel 4 application and using Sentry for authentication. I need to add Keep Me Logged In functionality into my application. I have googled around and found that passing second variable to Sentry::login($user, $remember) sets up a cookie. I have done that and can verify that it is working from the browser (Chrome). But somehow whenever I try Sentry::check() after a day it returns null for cookies. Even when the cookie is present in the browser. Can anyone point out what am I doing wrong? Same happens when I attach my custom cookie to the response.
This scenario happens on my production server. Whereas it works fine on my local server.
PS: Lifetime of the cookie is set to forever (5 Years)
After working around for sometime on the issue I was finally able to resolve the issue by creating and attaching custom cookie to the response after login. And then wrote a middleware to check for that cookie. If present then login user and continue.
What is a proper way (best code organization) to get user object from JWT in storage on full page refresh (it requires new ajax request) ?
How can I perform an ajax request before my angular app's routing start?
Adding an extra request in resolve part on every route is bad (DRY). How I can simplify that?
Is an abstract view (using UI router) with resolve best solution?
It is a good practice to use ajax with jwt for user experience.
you can set your user object to $rootscope once then use in any route.
using resolve with ui-router is perfect way for your situation as i think .