Laravel 9 session expire - laravel

Using Laravel 9 with Breeze(Auth Scaffolding) to make an admin panel. Throughout my views, I have a
auth()->user()->name
call that returns the name of the logged in user and works as it should.
Problem is - If I leave the page sitting for a while and the session expires, it doesn't route me to login, it gives me the following error:
Attempt to read property "username" on null
Error message
Am I missing something? My routes are all wrapped in middleware => auth group.
After this happens, I manually type logout in the url which logs me out and return a login BUT I always have to login twice. The first login does nothing, no error, no message.

Related

Laravel Auth::check() is non responding for timed out session

I have tried to use Auth::check() to authenticate if the user is logged in, it works but it still works even when the session has expired which I did not expect it to work.
Please how can i check if the session has expired inside the view file and redirect to login page. It is making some session based items to produce error in my page.
I prefer running the check in the view to execute the redirect command
Thanks

Middleware not working correctly after hitting browser 'go back' button for the first time Laravel

I have a login page and when the user enters their login and password correctly, I redirect them to a dashboard page. I am using Laravel guest middleware, so when a logged in user tries to go to login page, they get redirected to dashboard. Everything works fine, except when the user logs in and gets redirected to dashboard, if they hit the browser back button, the login page still shows. It only goes away after a refresh. How can I fix this problem?
Here's my routes:
Route::group( ['middleware' => 'guest' ],function()
{
Route::get('/', 'MainController#index');
Route::get('/loadLogin','MainController#loadLogin');
});
Surely this is because the browser caches the previous page? If the user attempted to POST or GET data to the page, the server would redirect them to loadLogin. The only thing the user is really seeing is the client-side code their browser saved, hence why the refresh fixes it.
JCode said check if the user is logged in the controller but controllers are not the place to be checking this.
Just check if user is logged in inside the index of MainController, if so - redirect to loadLogin.

Authentication sessions in Laravel 5.7

I'm trying to implement a domain wide authentication (DWA) on top of the usual user authentication. The use case is prevent a work-in-progress site from leaking to google/public.
Created scaffolding code using php artisan make:auth
Log in via /login and is redirect to /home which shows the default You are logged in!
When I reload /home, I see that $this->session->id in SessionGuard.php has an ID value which I will refer to as A, the session also has 5 attributes.
Next, I insert the auth middleware into the route /product/{id} and load it
I see that $this->session->id in SessionGuard.php has a brand new ID with 0 attributes
This causes authenticate() in Authenticate.php middleware to throw an Unauthenticated exception and redirect me to /login
As the browser loads /login, $this->session->id in SessionGuard.php now shows the ID of A with the earlier 5 attributes
/login results in RedirectIfAuthenticated.php middleware running and redirecting to /home
As a result of the DWA, I'm unable to load /product/{id}, it just keeps redirecting me to /home
My question is, why does #5 show a new session ID instead of A?
Where and how is this ID derived in the first place?
Thanks!
I found the solution Problems of routes in own package- Laravel 5.6
It was due to my controller having only the auth but lacking the web middleware. Hope it helps someone.

Using session to reach previous page after login in laravel

I am using Laravel 5.7. For security reasons, I set my laravel application to automatically logout after one hour inactivity. But I want the user log back in the same page before they got kicked out by the system. I try to use Session, but it only store previous url which is the login page url. How can I retrieve that URL before user got automatically logout?
All you need to do is put this in your logout function.
session(['returnUrl' => url()->previous()]);
And then on login function, redirect user to session('returnUrl') and delete session data with session()->forget('returnUrl')
Use this in your login controller
url()->previous()

Passing accessToken from frontend to PHP API

I've been trying to get authentication working (described below) in my laravel application, following these two tutorials:
https://auth0.com/docs/quickstart/webapp/laravel/01-login
https://auth0.com/docs/quickstart/backend/laravel/01-authorization
On the frontend (angular app):
User clicks log in button and taken to auth0 login page
The user logs in and is redirected back to the callback with the accessToken
The access token is stored on the frontend and passed to Laravel API each request.
On the backend:
User makes a request to my http://localhost/api/route passing the accessToken in the authorisation header
Laravel validates the user is logged in and valid.
Laravel allows access to that route
It works to an extend, but when I try to use postman to access the protected route by passing the accessToken I get the error:
"message": "We can't trust on a token issued by: https://myprojectname.au.auth0.com/."
Is my workflow correct? What am I missing?
Thanks!
Just in case if somebody facing with the same issue. The authorized_iss must contain a trailing slash.
In the laravel-auth0.php file the field,
'authorized_issuers' => 'https://myprojectname.au.auth0.com/'
should be in this form.

Resources