I have 3 apps: 2 of them are Laravel apps and 1 is a Vue.js app.
I've tried setting up sessions to store session data in the database so that I can have shared sessions between my apps.
Things work between the Laravel apps; however, I have trouble when it comes to my Vue.js app.
By the way, in order to proceed to any of my Vue routes, I have to check first whether the token exists and is correct.
But since I am using Laravel sessions now, I guess I need to check for the session ID cookie now?
And if so, where do I set the session ID cookie?
Better to use Laravel Passport (OAuth) for token generation for your Vue application.
Related
I am a newbie with Laravel.
I understand that in order to protect routes, you have to first check whether a user is authenticated and a session has been created. Thus, we apply the auth middleware to the web routes.
However, I am trying to implement Laravel Passport, and now I am not able to proceed to my routes anymore since I have been authenticated using Passport.
My question is: is it possible to secure the web routes with a Passport token instead of a Laravel session? And if so, how should one do it?
Thanks, and sorry for my English; I'm not a native speaker.
Laravel Passport is for API routes, not for web routes; you can use Laravel sessions for web routes.
For more details, read its documentation:
https://laravel.com/docs/8.x/passport
Description
Currently, all my clients' projects were built using Laravel Passport, but recently I read about Laravel Sanctum. They sound similar to me.
Questions
I am getting really confused. What are the main differences between these two, and in what scenario should we use each of them? Since we already have Passport, what is the point of having Laravel Sanctum? Any hints?
Laravel Passport follows OAuth2 and is one of its implementations.
Laravel Sanctum provides a simple authentication system for SPAs.
As you have already used Passport, there is no point in changing to Sanctum.
Sanctum is for apps that do not want to use the complex OAuth2 flow.
To understand things in depth:
Article: https://divinglaravel.com/authentication-and-laravel-airlock
Note: Laravel Airlock (old name) and Laravel Sanctum (new name)
YouTube explanation: https://www.youtube.com/watch?v=LELn-3ZpH9I
My Summary (Benefits of Laravel Sanctum)
If you are using an SPA (single-page application: Vue, Angular or React), you need not include the bearer token in the request. It is done automatically after your first request to /airlock/csrf-cookie. The whole idea is to turn stateless HTTP into stateful HTTP.
If we have a stateless application, like a mobile application or others, we can easily create a stateless token using the following code.
$user->createToken(
'laravel-forge',
['server:create', 'server:delete']
);
It simplifies maintenance because the programmer does not need to understand the concept of OAuth2.
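The stateless-token case from the summary above, as an added example that is not part of the original answer or of Sanctum's own code: one route issues a token limited to a single ability and other routes enforce that ability on every request. It assumes a Laravel app with Sanctum installed and a `User` model using the `HasApiTokens` trait; the route paths and the `mobile-app` token name are hypothetical.

```php
<?php
// routes/api.php (added example; route paths and token name are hypothetical).
// Assumes App\Models\User uses the Laravel\Sanctum\HasApiTokens trait.

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;

// Issue a token that carries only the abilities this client needs.
Route::post('/tokens', function (Request $request) {
    $data = $request->validate([
        'email'    => ['required', 'email'],
        'password' => ['required', 'string'],
    ]);

    $user = User::where('email', $data['email'])->first();

    // Same response for an unknown user and a wrong password,
    // so the endpoint does not reveal which accounts exist.
    if (! $user || ! Hash::check($data['password'], $user->password)) {
        return response()->json(['message' => 'Invalid credentials'], 401);
    }

    // Sanctum stores only a hash of the token; the plain-text value
    // is available once, here, and must be handed to the client now.
    $token = $user->createToken('mobile-app', ['server:create']);

    return response()->json(['token' => $token->plainTextToken], 201);
})->middleware('throttle:5,1'); // slow down password guessing

// auth:sanctum accepts either the SPA session cookie or a Bearer token.
Route::middleware('auth:sanctum')->group(function () {
    Route::post('/servers', function (Request $request) {
        // Reject tokens that were not granted this ability.
        abort_unless($request->user()->tokenCan('server:create'), 403);

        return response()->json(['status' => 'created'], 201);
    });

    Route::delete('/servers/{id}', function (Request $request, string $id) {
        // The token issued above lacks server:delete, so it gets a 403 here.
        abort_unless($request->user()->tokenCan('server:delete'), 403);

        return response()->noContent();
    });
});
```

Requests authenticated through the first-party SPA cookie pass `tokenCan()` checks automatically, so abilities only restrict clients that present an issued token.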
I'm currently using Vue (and VueX) and Laravel Passport. I have my register page working fine, now I've moved into my Login page. All the tutorials and posts I've seen online show a login system where the generated token is stored in localStorage but I've seen also that everybody says we shouldn't store any sensitive data in localStorage, then how should I do it? How can I manage sessions if my frontend (VueX) is separated from my backend (laravel)?
It's alright to store the token in localStorage; what you need to do is set the expiry of the token to a shorter time, let's say 2 days.
These lines should be added to AuthServiceProvider.php:
Passport::tokensExpireIn(now()->addDays(2));
Passport::refreshTokensExpireIn(now()->addDays(30));
I use the Laravel framework for all my PHP projects, and I am wondering whether Laravel 5.* stores critical user information in the session or in cookies. I mean on the server side or the client side.
On Laravel 4.2 and using Sentry 2.1, it looks like there is no way to have Sentry use the same cookie as the Laravel session. Right now, the cookies for Sentry are being set for 5 years into the future by default. I don't see a way in their configs for this to change. Looking in the package code, I do see the 'forever' function, but the time is not configurable from what I can tell.
The question here is how you can handle a user's Laravel session cookie expiring sooner than the Sentry cookie, since some features are toggled on/off in the session within Laravel, and if the cookie expiration is longer than the Laravel session, it will throw the system into thinking it's OK for that user to be logged in when really the Laravel session is now an entirely new session.