One login on multiple subdomain laravel - laravel

I want to create one login for my two Laravel applications, one on the subdomain portal.mydomain.com and the other on app.mydomain.com (if not logged in, it will redirect to portal.mydomain.com).
In this case, I am trying to use the database driver, so I created a session table in the Laravel style.
When I log in via portal.mydomain.com, I see the session data in the session table is updated like this:
|id|user_id|ip_address|user_agent|payload|last activity
|ec4156b47e3e527af871c7b4b688393aee631cda|9|(myipaddress)|(myuser_agent)|YTozOntzOjY6Il90b2tlbiI7czo0MDoiWnQ1OXpBNzhsZ3I4ZVJUc2tXeEtiTExkU1R6T1hHSUNBYWxrSU1obCI7czo5OiJfcHJldmlvdXMiO2E6MTp7czozOiJ1cmwiO3M6MzQ6Imh0dHA6Ly95ZHBidWRnZXQudGFuZ2tvdGEuY29tL3Rlc3QiO31zOjY6Il9mbGFzaCI7YToyOntzOjM6Im9sZCI7YTowOnt9czozOiJuZXciO2E6MDp7fX19|1503693006
On the portal application, the login is successful. But when I try to access the app application, it updates the user_id column to NULL, the payload changes, and it forces a logout on the portal application too.
Idk why it updated the value in the session table when it should be putting the value

Related

Laravel 7: Disable login & autologin (remember_token)

I want to be able to disable certain users in my laravel 7 app. I therefore created a column "active" in the "Users" table and when set to active = 0 the user isn't able to login anymore.
The issue I have is the "Remember Me" function, since already logged in users still have access to the app after I disabled their accounts, because they don't have to pass the login form.
Will deleting the "remember_token" in the "Users" table have any effect on this? I tried this with a user (deleted the user's remember_token in the table) but it had no immediate effect, since autologin still worked after that. But maybe I'm missing something here.
Additional Info: I'm using Laravel Passport for authentication.
I decided to go with the middleware solution, as I didn't want to reduce the overall SESSION_LIFETIME.
I created an extra middleware called "VerifyUserState", because I didn't succeed in reading the user's "active" value via Auth::user() or $this->auth inside of the authenticate/handle function in the Authenticated.php middleware.
I followed this tutorial to achieve this:
https://www.itechempires.com/2019/08/how-to-create-configure-and-use-custom-middleware-in-laravel-5-8/
Now it works as needed.

Is it possible to register with socialite and add more required data to user?

I want to create a web app using Laravel and I want to use Socialite to register users using Gmail, but I want to know whether, instead of creating a user record in the callback, I can give a sign to the frontend (Vue.js) and let it show a form where the user should complete his information and then submit the data.
If it's not an SPA I would say I have to save user data in the callback in the session then return a view and fill in the other info, etc., but in my case it's an SPA and I don't have a session, so what's the solution for this problem?

CodeIgniter: log out from all browsers after a user changes password

I work in CodeIgniter. I want to log out a user from all browsers when he changes his current password.
I want to destroy all sessions of the user.
There are a few ways you can achieve this. One would be having a random string inside the table for sessions and checking this key on every HTTP request made by the user; when they change the password you alter the key, and it would not match the user's key anymore. When this happens you just manually log them out. One way of implementing this can be by using CodeIgniter hooks.

When a user logs in from a browser, his previous session should expire

I have an external-facing website (back end SQL Server and ASP.NET) where I want a feature that if a user with the same id is already logged in, and he tries to log in again from some other browser or through some other channel, his previous session should be expired.
So in which way should I proceed for this?
You can store the sessions in a database, by providing a unique session-id every time a user logs in. By storing the session-id also in a session variable you can see when the user is logged in somewhere else.
For example:
1. User A logs in in Safari on his laptop
2. Session id is generated and stored in database and session variable
3. User A browses to different page
4. Session id in database is compared with session variable
5. Ids match, user is still logged in
6. User A logs in using Chrome on his phone
7. Session id is generated and stored (overwriting the previous) in database and session variable
8. User A browses on his laptop to a new page
9. Ids do not match, redirect to login page
You can also make this more general by keeping a session table, in order to allow a maximum number of sessions per user. The key is just to use a global storage like a database in combination with the session information to verify where the user logged in last.
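The session-table check described in this answer, combined with the per-user key from the CodeIgniter answer above, as an added example that is not code from any of the posts; it is written in Python with SQLite because the page spans PHP, ASP.NET and Java. The schema (`users.session_key`, `sessions.user_key`) and all function names are assumptions made for the illustration.

```python
import secrets
import sqlite3

def open_store():
    """In-memory stand-in for the shared session database (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, session_key TEXT NOT NULL)")
    db.execute("CREATE TABLE sessions (n INTEGER PRIMARY KEY AUTOINCREMENT, "
               "sid TEXT UNIQUE NOT NULL, user_id INTEGER NOT NULL, user_key TEXT NOT NULL)")
    return db

def add_user(db, user_id):
    db.execute("INSERT INTO users VALUES (?, ?)", (user_id, secrets.token_hex(16)))

def login(db, user_id, max_sessions=1):
    """Issue a session id, then evict the user's oldest sessions beyond the limit."""
    (key,) = db.execute("SELECT session_key FROM users WHERE id = ?", (user_id,)).fetchone()
    sid = secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions (sid, user_id, user_key) VALUES (?, ?, ?)",
               (sid, user_id, key))
    db.execute("DELETE FROM sessions WHERE user_id = ? AND n NOT IN "
               "(SELECT n FROM sessions WHERE user_id = ? ORDER BY n DESC LIMIT ?)",
               (user_id, user_id, max_sessions))
    return sid

def is_valid(db, sid):
    """Per-request check: the row still exists and carries the user's current key."""
    row = db.execute("SELECT 1 FROM sessions s JOIN users u ON u.id = s.user_id "
                     "WHERE s.sid = ? AND s.user_key = u.session_key", (sid,)).fetchone()
    return row is not None

def change_password(db, user_id):
    """Rotate the per-user key so every session issued under the old key fails."""
    db.execute("UPDATE users SET session_key = ? WHERE id = ?",
               (secrets.token_hex(16), user_id))

def demo():
    db = open_store()
    add_user(db, 9)                 # constructed sample user
    laptop = login(db, 9)           # User A logs in on the laptop
    phone = login(db, 9)            # second login evicts the laptop session
    after_second_login = (is_valid(db, laptop), is_valid(db, phone))
    change_password(db, 9)          # key rotation invalidates what is left
    return after_second_login, is_valid(db, phone)

if __name__ == "__main__":
    print(demo())
```

With `max_sessions=1` a new login expires the previous one; a larger value gives the "maximum number of sessions per user" variant.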

Prevent multiple logins from a user in the same session

How to prevent multiple logins from a user in the same session in Wicket?
You can create a table in your database to hold the ids of logged-in users.
When a user logs in, check if his id is in said table;
otherwise insert his id into that table.
You also need to remove the user's id from the table once the user logs out.
You can integrate Spring Security with Wicket. Spring Security handles it automatically.
