first of all im new in Laravel and i used Codeigniter before...
Users in my project have one session for each system they logged in to and each session has its own token.
sessions are stored in sessions table and sessions table is related to users table for retrieving the users informations by token
User token and authentication is written by me and I do not use Laravel authentication system because I recently transferred my project from Codeigniter to Laravel.
so how can i manage this sessions and token generation with laravel authenticating system ?
Related
I have 3 apps and those 2 are laravel apps and 1 is vuejs
I've tried setting up session to store session data in to the database so that I can have a shared sessions between my apps.
Things work between laravel apps, however, I have trouble when it comes to my vuejs app.
Btw, in order to proceed to any of my vue routes, I have to check first if token exists and is correct.
But since I am using laravel sessions now, I guess I need to check for cookie session id now?
and if so, where do I set the cookie session id?
Better use Laravel passport (OAuth) as a token generation for you Vue application.
I am trying to use a API which has a postable address where you can verify if a customer's username/password is correct, if so it returns a user ID.
What would be the best way of handling this, I need to query that postable API from the login form on my Laravel website to see whether or not a username / password is validated.
How can I use Laravel's Middleware to store a USER ID and session securely?
How can I create a Laravel session to allow someone to login to my Laravel site using their WHMCS client login?
The API I am using is https://developers.whmcs.com/api-reference/validatelogin/
I have a database of users that work with web login based on laravel sessions. Now I want to generate an api token for each of these users for an api login, how can I generate it? I have already migrated to the database for this new column but I need each user to have their api token.
I'd recomment you to use Laravel Passport. APIs typically use tokens to authenticate users and do not maintain session state between requests. Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes.
If You need session mechanism then You should use Laravel Passport.
But if You are building traditonal stateless REST Api then you can use API Authentication
I have created a REST application. In this user can register and login. I have a problem like If A user login with a desktop-1 with there credential and same user login with same credential with desktop-2. I have to restrict the user to access account. Means if user login with desktop-2 the I have to logout desktop-1 account.
How can I achieve this using spring security?
Can I make this with JWT Filter configuration or Session management with spring security?
Is there any other way to handle my scenario?
Your question in about spring with JWT. You want to enforce users to login only with 1 device.
I faced the same issue (not with spring but with node-express server , but the solution is general purpose , can be implemented by any language with any framework). The reason you are facing the issue is due to JWT.
JWT is stateless , so server have no idea how many users and on which devices they saved JWT tokens . Server can only verify the JWT , but can not enforce users only use it in a specific device. To achieve this you have to keep track of all JWTs ( issue to which user and when )in your server , which is indeed against JWT principles of stateless architecture.
What can be the solution is that :(which I also implemented after many research) :
do not use JWT for these type of application where user session should be restricted by device no.
Istead use random tokens on inmemory db like redis. For a single user ,create a random token and send it via http-only cookie to the client if login success and save it in redis like db. Then every time the user will send request ,you will receive cookie automatically , then you can check the cookie with redis or other in-memory db ,if such cookie exists and matched , means user is authentic.
If user try to login again , there will be already pre existing token in the redis db , so you can send response to the user showing message " logout from the previous device" or you can change the token so the user can not be authenticated for requests send from older device .
** Special note : I used redis , that does not mean you have to use the same , you can use other in memory dbs , also general database will also work like mongodb , MySQL or Pgsql etc. But these traditional db querying took extra time (latency issue) which can cause extra response time overheads. In-memory dbs are fast as accessing RAM is quite faster .
I use Laravel Framwork for all my php projects, and I am wondering if Laravel 5* store user critical information in session or cookies. I mean in server side or client side.