I have previously transferred laravel from server to another by copying the laravel project folder, now when i try to login using default laravel auth page , if i enter wrong auth value i get error auth.failed
but when i enter a valid auth value the page refresh but nothing happen.
I notice from browser view source the value of CSRF token is changing one i enter the valid auth value
I tried to delete the session files /storage/framework/sessions
and tried
php artisan view:clear
php aritsan cache:clear
but nothing happen.
How can i fix this issue.
Use Laravel Debugbar for easily debugging such kind of cases.
It's good, simple and sweet ^
I fixed the issue.
In the previous server i was using SSL for my domain so the cookies setting in /config/session.php was true:-
'secure' => env('SESSION_SECURE_COOKIE', true),
Since, the current new server i am not using https when i open my website, so i set the value to false
'secure' => env('SESSION_SECURE_COOKIE', false),
Now everything working fine.
Related
Can't test applications with Laravel Dusk if the app uses Laravel Passport for authentication. It's always 404 and if you stop the test with ->stop() it starts working.
The app is located: localhost:3000
and all requests are proxied to api.example.test
I've tried to authenticate the user inside the test:
$this->actingAs(User::find(1), 'api');
$browser->loginAs(User::find(1));
Passport::actingAs($this->user);
But still the same.
That's not the only problem, I think the main issue is also that I can't log in with Dusk by filling out the form and click "login"
$browser->visit('/login')
->type('#email', 'john#doe.com')
->type('#password', 'password')
->click('#login-button')
->waitForLocation('/');
But again, if you stop the test with ->stop() you can manually click the button and it will log you in.
Is Laravel Dusk useless if your app does not use basic auth?
Solved.
The problem was that my Dusk .env file had APP_URL=localhost:3000 where the front-end is located, but my APIs .env file had APP_URL=api.exmaple.com and that's why in my AuthController, I issued the token from env('APP_URL').'/oauth/token' <- which resulted in Dusk env to localhost:3000/oauth/token which is ofc 404
I changed that to env('API_URL') and added that value to my both .env files.
Problem description: after login I receive a 419 page, also session token keeps changing which causes Auth::check() to fail. Database token stays the same but on Laravel side session token keeps changing.
Locally it works this only occurs on live server that this happens.
What I have tried:
php artisan cache:clear
php artisan route:cache
php artisan config:clear
php artisan view:clear
composer update
composer dump-autoload
create fresh installation copy fresh one into old version and dont overwrite
changed cache from file to database
confirmed `/public/index.php` is correct
SESSION_LIFETIME = 120
SESSION_DOMAIN set to domain
generated new app key
checked file permissions
Session token changes:
As the snippets show my session token keeps changing but does not update in the database.
Update
Before the Laravel redirects the auth check passes but is not yet saved, after redirect session token changes and auth check fails. So from what I can tell something is causing my session token to continuously change after redirects.
My problem was fixed by assigning false value to: SESSION_SECURE_COOKIE in config/session.php:
'secure' => env('SESSION_SECURE_COOKIE', false),
I have Laravel set up. I am running multiple domains to it. Before yesterday I had one top level domain and a few sub domains. I added another TLD yesterday and everything started working weird. Specifically, when trying to log into the admin section it redirects to the home page. I have one admin but server domains coming to the site. My route group it:
Route::group(['prefix' => 'admin', 'middleware' => 'auth'], function() {
Sometimes is actually brings me into the admin but as soon as I click on a link I get logged out and redirected to the home page. I keep seeing 401 errors in the console as well.
What would cause this?
edit
Route::group(['prefix' => 'admin', 'middleware' => 'auth'], function() {
Route::get('/', 'AdminController#index');
Route::get('/pages', 'AdminController#pages');
Route::get('page/create', 'AdminController#createPagePage');
Route::post('createPage', 'AdminController#createPage');
Route::get('/page/edit/{page_id}', 'AdminController#editPagePage');
Route::post('editPage', 'AdminController#editPage');
});
$redirectTo = '/';
If you are using Linux, try to check the session file permissions and change them so the app can write session keys on that file and if it doesn't work, try to change the session driver to database.
how to change the session driver?
Go to your .env file and change SESSION_DRIVER=file to SESSION_DRIVER=database.
create a session migration: php artisan session:table.
composer dump-autoload.
Finally migrate (php artisan migrate).
Have you setting the SESSION_DOMAIN right?
One thing you may notice is that session isn’t saved when the user is logged-in in one store and goes to another. To fix that issue, we’ll need to add a SESSION_DOMAIN variable to our .env file, for example:
SESSION_DOMAIN=’.example.com’
That’s all, now user session will be shared across all shops/subdomains in our app.
https://medium.com/#maxkostinevich/how-to-build-multi-domain-laravel-application-e6d87d5e507b
If you are confident with the domain setup correctly. Please verify these few things.
1. Your config/session.php is correctly setup to support multiple domains.
'driver' => env('SESSION_DRIVER', 'file'), // check /storage folder writtable recursivelly.
'domain' => env('SESSION_DOMAIN', null), // verify if single domain is not given in .env or in settings.
'same_site' => null // it should not be strict if you have ajax request across these domain. I mean from javascript you may try to request to other domain.
etc...
2. Confirm, if your routes are not group under domain specific. something like:
Route::group(['domain' => 'xxx'], function($params)
{
// your routes..
});
3. If there is any hardcoded domain verification/conditions or redirection added in code.
4. Any values in .env poiting to single domain.
5. Also don't forgot to clear the cache/compiled view/routes and delete the temp files once. like generated files inside /app/bootstrap & /storage
// Clear Application Cache
php artisan cache:clear
// Clear route cache
php artisan route:cache
// Clear config cache
php artisan config:cache
// Clear compiled view files
php artisan view:clear
6. Any thirdparty package might contains the domain settings. Make sure to verify the files in your /config folder.
7. Check the url rewrite settings in .htaccess
8. Do confirm if there is any proxy settings are there or any software installed on server - very rare case.
In case still having issue, please restart the apache/nginx service once because sometimes the config changes not effected after change that might need server restart.
Hopefully it helps.
I have a problem. I have 2 computers, the first is Ubuntu and the second is Windows 10. Both computers have a bundle of Vagrant + VirtualBox + Homestead. On a computer with Ubuntu, everything works fine, and on a computer with Windows 10 when I try to send a form to the server, I get the status 419 and the message:
The page has expired due to inactivity. Please refresh and try again.
The CSRF token is updated every time the page is refreshed. This is a clean installation of Laravel + php artisan make:auth and php artisan migrate (default tables) in the clean Homestead environment on both PC. The rights to the session directory are full, the user is vagrant, the group is vagrant. Session file is created..env files are identical (standard), except for the name of the database. What could be the problem? I really need your help!
All the advice on a similar problem did not help me. Cache view, config, etc. i cleaned, the key generated anew. The browser cache was cleaned, cookies checked - on the spot. The only difference between the two computers is the operating system, but does it matter when Laravel is on the Homestead virtual machine?
From your video, change the APP_NAME in your .env file to something other than ‘Laravel’.
I would bet, you have other sites running under the same local URL that have the same APP_NAME.
Changing the APP_NAME changes the session cookie name in config/sessions.php
'cookie' => env(
'SESSION_COOKIE',
str_slug(env('APP_NAME', 'laravel'), '_').'_session'
),
You can manually override the cookie name by setting the SESSION_COOKIE variable in your .env file OR let it fallback to the calculated slug above that utilizes the app name (2nd parameter).
Google Chrome is the only browser this happens in for some reason. I spent almost a year trying to figure this problem out and this was the solution!
Add the route entry in app/Http/Middleware/VerifyCsrfToken.php
protected $except = [
'your/route'
];
If you have already included the CSRF token in your form. Then you are getting the error page possibly beacuse of cache data in your form. Open your terminal / command prompt and run these commands in your project root.
php artisan cache:clear
php artisan config:clear
php artisan route:clear
php artisan view:clear
Also try to clear the browser cache along with running these commands.
Make sure the session secure value in file app / config / session.php is set to null.
'secure' => env('SESSION_SECURE_COOKIE', false),
I'm building a web app in my local system (Ubuntu-14.04 64Bit) using laravel 5.3. I used Socialite to signin from social networks. I configured G+, Facebook, GitHug. I'm using Chromium as my default browser. Finally the problem is i'm getting
InvalidStateException in AbstractProvider.php line 200
frequently. i tried
php artisan cache:clear
php artisan config:clear
composer dump-autoload
these are helping to solve the issue temporarily, again the problem raising.
please help me in this issue..
I have the same issue and I've read a lot about this, that depend if the URL where you are at the moment of the login request has www. at the beginning or not.
Into config\services.php, if you have the redirect set as http://sitename.tld/callback/facebook the oauth works if you send the login request from sitename.tld, while if you try from www.sitename.tld you get the exception.
I haven't yet understood how to have it working with and without www at the beginning.
If the AbstractProvider.php line 200 fires the exception when the state of the user is not present means that the User cannot be created.
First check your code when you get the details from the provider(facebook, github) if you create a user and you return it.
If you have managed and logged in your app and you deleted the user from the user table remember to delete also the data from the socialite account table.
I was getting that exception because 'state' wasn't saved in session. But I was using asPopup method - Socialite::driver('facebook')->asPopup()->redirect(); so I saved session then - $request->session()->save();. So I solved this issue.
or try
session()->put('state', $request->input('state'));
$user = Socialite::driver('facebook')->user();
it works
I have same issue and solved in 3 steps;
add request on the top
use Illuminate\Http\Request;
Pass request object to function
public function handleProviderCallback(Request $request)
{
try {
$user = Socialite::driver('facebook')->user();
} catch (Exception $e) {
throw new Exception;
}
}
Clear cache.
php artisan cache:clear
I had the same error but my solution was a little different. I am posting here just in case someone else keeps hitting this post like I did for a possible answer.
I develop on Ubuntu 18.04 desktop since it is a server with a GUI. Socialite works great locally but as soon as I pushed/pulled the changes through git to the server, it quit.
I was running traces by recording what was sent to and from google. I "dd($_GET)" to get a raw dump before Socialite had a chance to get the info so I knew what was stored and ready for use. All info was there but Socialite didn't seem to "see" it. That is when I reasoned it was my apache2 header configuration interfering with the cookies/session data.
I had set header security in my apache2 configs. One of the settings was
Header always edit Set-Cookie ^(.*) "$1;HttpOnly;Secure;SameSite=Strict"
This setting was interfering with the cookie information that socialite needed. I removed that setting from my apache2 header config(by commenting out) and restarted Apache. Finally I removed all sessions in storage/framework/session/* and cleared them from my browser just to be sure. That worked for me.
After I got it working, one by one enabled and tested each of the following settings to have the framework secure what header info it can:
SESSION_SECURE_COOKIE=true
in my .env file
'http_only' => true, and
'same_site' => 'lax'(setting to "strict" did not seem to work)
in my config/session.php file.
Now it is back to testing security and tweaking things back if need be.