Prevent Laravel session overlap on subdomains - laravel

I have two independent copies of the same Laravel app on my domain, each one behaves as expected when used exclusively:
app1.mydomain.com
app2.mydomain.com
They do have different APP_NAME values in their respective .env files. I do want the two to be completely independent (thus all of the relevant env variables are set appropriately unique, e.g. the APP_KEYs, APP_NAMEs, APP_URLs, etc.). While two distinct databases are designated (though on the same host, of course), I've put an identical "user" on both of the databases.
The thing is, sometimes when they're being utilized together (kinda concurrently), a 419 error shows up when I'm already logged into one of them through the "user" credentials, and try to log into the other one through distinct but identical "user" credentials! Seems like app2 thinks the user is already logged in, while the user is already logged into the other supposedly independent subdomain. I've tried the SESSION_COOKIE and SESSION_DOMAIN environment variables to no avail.
By setting the SESSION_DOMAINs to app1.mydomain.com and app2.mydomain.com respectively; you may log into one of them successfully; but trying to log into the other one displays the error page of 419! Also, the domain entries for the session in the browser are set with a preceding dot, e.g: .app1.mydomain.com (while when you omit the SESSION_DOMAINs, the values do appear without the leading dot.)
I've noticed a session of app1_session does also show up in the browser cookies for app2.mydomain.com (and sometimes a session of laravel_session does also show up! The laravel is a default string substituted whenever the environment variable APP_NAME is not read by the system!)
So, what's wrong and how can I fix it?!

Assuming you are setting up each .env file pointing to each separate sub domain. The functionality you may be after is setting the same_site value to strict.
This will ensure only cookies that are from the defined domain are accepted.
P.S. for good measure, a php artisan config:clear once you change it.

I think it's probably not a problem on any of your subdomains. I think you were checking out both sites in the same browser instance; that's why this issue is occurring. Try to use one in normal browser mode and open the other in Private (or Incognito) mode ... it would probably work in your case.
If it does not work for you, implement a Laravel session table so you can track session IDs of logged-in users having a current session. I hope it works for you.

Same issue happening to me, fixed by setting different values for SESSION_COOKIE= inside each project .env
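
The cookie scoping behind the overlap discussed in this thread, as an added example that is not part of the original posts: it models RFC 6265 domain matching to show which session cookies a browser attaches to each subdomain, and flags same-named cookies arriving from two scopes. The cookie values and the parent-domain `Domain=.mydomain.com` setting are constructed assumptions; the hostnames are the ones from the question.

```python
# Added example (not from the thread). Assumes Path=/ everywhere and omits
# public-suffix checks.

def parse_set_cookie(header, request_host):
    """Return (name, domain, host_only), or None if the browser rejects it."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    domain = ""
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        if key.strip().lower() == "domain":
            # A leading dot is ignored: ".a.b" and "a.b" are the same scope.
            domain = value.strip().lstrip(".").lower()
    host = request_host.lower()
    if not domain:
        return (name, host, True)   # host-only: sent to this exact host only
    if host != domain and not host.endswith("." + domain):
        return None                 # a host cannot set a sibling's cookie
    return (name, domain, False)

def build_jar(responses):
    """responses: (responding_host, Set-Cookie value) pairs."""
    jar = {}
    for host, header in responses:
        cookie = parse_set_cookie(header, host)
        if cookie:
            jar[cookie[:2]] = cookie   # browsers key on name + domain (+ path)
    return jar

def sent_to(jar, host):
    """Sorted (name, domain) pairs attached to a request for host."""
    host = host.lower()
    return sorted((n, d) for n, d, host_only in jar.values()
                  if host == d or (not host_only and host.endswith("." + d)))

def name_collisions(jar, host):
    """Cookie names that reach host from more than one scope."""
    names = [n for n, _ in sent_to(jar, host)]
    return sorted({n for n in names if names.count(n) > 1})

# Constructed responses using the hostnames from the question.
SHARED = [
    ("app1.mydomain.com", "laravel_session=aaa; Domain=.mydomain.com; Path=/"),
    ("app2.mydomain.com", "laravel_session=bbb; Path=/"),
]
ISOLATED = [
    ("app1.mydomain.com", "app1_session=aaa; Path=/; SameSite=Strict"),
    ("app2.mydomain.com", "app2_session=bbb; Path=/; SameSite=Strict"),
]
```

Running `name_collisions(build_jar(SHARED), "app2.mydomain.com")` reports `laravel_session`, while the `ISOLATED` set (distinct names, no `Domain` attribute) leaves each host with only its own cookie.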

Related

User and Session sharing among multiple Laravel 8 sites under the same domain

Before anyone tells me to Google it - I did and followed the instructions on this link:
https://medium.com/#zsolt.gyure96/how-to-share-sessions-between-two-laravel-applications-4b9d061fa599
Below is my setup: I have a group of sites that are all under the same domain hosted under different directories. I use virtual host aliasing to point them. For example, alias blog points to example.com/blog. Now, I would like to share the users and sessions among my apps. I followed the instructions in the above article and created a common_database that manages all the user data and sessions. My apps can read the sessions table. I also have the same session set up as my domain.
By adding
protected $connection = 'common_database';
in the following files I can login and register from example.com/blog/login or register routes.
vendor/laravel/ui/auth-backend/RegistersUsers.php
vendor/laravel/ui/auth-backend/AuthenticatesUsers.php Instead added
The only problem I have now is that there is no session sharing. For example, if I log in at example.com/blog/login then I cannot use the same session for example.com or example.com/news. I have to re-login. What am I missing here?
SESSION_DRIVER was not set to the database in the main site's .env.
I don't know if it will work for you, but what I did was, instead of using SESSION_DRIVER=database, I used SESSION_DRIVER=cookie in the .env file. Make sure your APP_KEY is the same for both projects.

coldfusion session variable disappearing

I have a variable, session.acclevel, which is set during the login process (the program is login2.cfm).
<cfset session.acclevel = logdata['LOGACCESS'][1]>
The values can be N,R,W,A,M, and they are retrieved with query name = "logdata" from a table which I'm calling XXX here. If the login is successful, login2.cfm redirects to program navbar.cfm
<cflocation url = "navbar.cfm?welc=yes">
which is a set of dropdown menus, rather like a dashboard. Depending on the value of session.acclevel navbar shows more or fewer options. The session.acclevel variable is also used throughout the system to control various user activities.
All this was working fine, and then it suddenly stopped working -- session.acclevel was fine when navbar started up, but disappeared as soon as any selection was made. Yet, no code had been changed. The only thing I had changed was to alter the MySql table definition of the acclevel variable type:
alter table XXX change LogAccess LogAccess enum('A','W','R','N','M');
to add the option 'M' to the enum. I did not change any data in that table, and I made no changes to the coding anywhere.
I double checked the timeouts (I am using system admin defaults), and tried without success to trace where the variable was getting lost. I closed and reopened the browser, without fixing anything.
Finally I went to the administrator and changed session management to J2EE -- and that fixed it. session.acclevel is now staying put.
Could someone explain what was going wrong there? I would like to know in case this defect in the ColdFusion session management is caused by weak code that I could avoid, or in case it later breaks under J2EE management.

Laravel Multi Domain Session

I am not a superb developer, so I guess the problem I ran into is just too big for me.
I have a project where I have different subdomains for the current language. When I log in a user, it is logged in only for the current subdomain. So when I log in at "en.Aproject.com", and then go to "de.Aproject.com", the user will not be logged in. They don't share the session. I already tried to modify the 'domain' => null, in app/sessions.php. But when I change the value here the login doesn't work at all. Then every time a new Session-row is created in the DB and Laravel seems not to recognize them.
Is the current domain saved somehow in the session identifier? Is it possible to use one session for different domains? I found some stuff about OAuth and Single sign-on but I can not handle it by myself.
I was thinking about (when logging in and the credentials are correct) calling a script via Ajax, which should log in the user for all needed domains. But I would have to do the same for logging out.. And I will probably have a lot of domains. The project will have one base page and several subprojects (all with the different languages). Like this
mainproject.com
en.mainproject.com
de.mainproject.com
...
Aproject.com
en.Aproject.com
de.Aproject.com
...
Bproject.com
en.Bproject.com
de.Bproject.com
...
So it would just feel wrong to log in the user to like 20 different pages and create 20 sessions... It would feel better to just use one session for all of them.
Okay, I hope you understand the problem and someone already had the same problem and found a solution. Thanks!!!!!!!! greets. gerti
Background info.. I am using Laravel 4.2
Now I just tried something, maybe it helps someone. Actually point 2 is weird to me (see below)
I display these 3 things:
Session::getId()
Auth::getName()
var_dump(Session::all())
I display them on "de.Aproject.com". Here I am logged in.
And I display them on "en.Aproject.com"... Where I am still logged out (which I want to fix :D )
The value of Session::getId() is different on both sides. That's the problem I guess, they should share the same.
The value of Auth::getName() is the same on both sides (login_82e5d2c56bdd0811318f0cf078b78bfc). Which I don't understand. Why does the second page have this value when I am not logged in?
The value of Session::all() is ["login_82e5d2c56bdd0811318f0cf078b78bfc"] => string(17) "test#test.de" on the first site, on the second it's empty. That's correct.
Since the default Laravel authentication system uses cookies to manage the session, you actually need to login the user on each subdomain you're going to use. To avoid that, you can use another session driver like database.

Tracking down mysterious session-ending bug

I'm using Codeigniter/PyroCMS which uses ion_auth.
I have my session stuff set for two hours. I'm using db sessions.
There is a gremlin somewhere that is booting the session after n minutes, sometimes. It is very random, and as such is hard impossible to reliably reproduce.
I've added log entries to the Session class (specifically sess_destroy) but that merely logs the session being destroyed, which I already knew.
I tried to add a debug_backtrace() into said log entry, but that aint jiving with teh codes (it doesn't get logged/it spits it onto the screen for a split second before the !session redirect).
Is there a good/proper way to track this down?
Thanks guise.
update: I added a few more log entries in Session.php Turns out the db session is being deleted/overwritten incorrectly. WHAI?
This seems to be quite a common problem. I have used (and happily accepted as recommendation)
Codeigniter's Native session (there is a download link at the bottom)
BUT, because it is an old library, you MUST make some hacks. You can check those simple hacks in the library's forum
Just drop this file in codeigniter's library directory and see if it resolves your problem. Please give feedback.
Sounds like your session cookie is prematurely expiring. Start by checking the settings in your config file for your session related stuff. Namely the $config['sess_expiration'] value, which defaults to 7200. Which is 2 hours.
Then check your php.ini, which I believe defaults to 3600. (1 hr)
Otherwise, I would say that if your code is on a unix system, try a
grep -Rn 'sess_destroy' .
The other thing you might want to look for is anyplace that is attempting to possibly write NULLs or empty values to the session. It's possible that you don't have a sess_destroy anywhere, but that you could have something to the effect of unset($_SESSION).
Hope this helps.
It appears to have been an issue with the server and resolve.conf mapping things incorrectly.

Joomla - Unset multiple session variables not working

I thought this would be simple but I guess there's a catch somewhere...
I'm developing a custom part of code for a Joomla installation and I need to unset some session variables before executing my code. So, naturally, I have
$session->clear('var1');
$session->clear('var2');
$session->clear('var3');
$session->clear('var4');
but the page appears totally blank and nothing happens. Any suggestions?
Assuming that you got the $session variable like this:
$session = JFactory::getSession();
If you are getting a blank page, you probably have some error in your code. Do you have access to some kind of error log? If not, you can try to force displaying errors from your code if it's not a production environment (although it's not the best way to do it) or enable debug mode from the Joomla administrator.
You can also try to run the php file in your browser, and if everything is ok and there are no parse errors in the file, you should see a message like 'Restricted access' or similar.
Besides, if the script is not crashing, you can check what value each call to $session->clear( 'xxx' ) returns (it should return the value you just cleared).
The last thing that comes to my mind is that the vars you have stored in session are in a different "context". When you get/set data to session, you can pass a "namespace" as an additional parameter, so these vars are stored in that "namespace" (in fact, it's stored inside another index inside the session). So if possible, you should check if these variables are stored in session using a different "namespace":
$session->set( 'var1', $value, 'another_namespace' );
If so, you should clear it like this:
$session->clear( 'var1', 'another_namespace' );
P.S.: I said "namespace" because it's the parameter name that Joomla uses in these session methods, but don't get confused with PHP namespaces.
I hope it helped!
