After creating authentication system for user using Laravel 5* I am wondering where Laravel store user session?
In other words Laravel store user session in a cookie(client side) or server side?
And if in cookie so it hash that session right? and this is not secured right?
Laravel stores it on server side. You can choose where to store it: files, DB, Redis etc.
Laravel ships with a variety of session backends that are accessed through an expressive, unified API. Support for popular backends such as Memcached, Redis, and databases is included out of the box.
You may learn more about sessions here.
Related
I have 3 laravel Applications with 3 databases.
Application 1 is the Login for authentication (Registrations and Login) and is only connected to the users Database .
Application 2 allows user to perform some basic operations and is connected both to user and App2 Databases
Application 3 allows users to perform some other operations different from application 2 and is connected to users and App3 Databases
Now my problem is to allow a user looggin once through Any of the applications and is automatically logged in to other application
More like having a single google account that works in all apps.
Application 1 will be access through the main URL
www.kokoka.com
while others will be access through
health.kokoka.com
school.kokoka.com
I have tried
https://github.com/awnali/SSO-laravel-5
I have also changed the Domain in session.php
'domain'=>'.domain.dev'
all to no avail
You need to set the session file to database and everything related to sessions should be identical. Basically the session.php file should be the same between both, they should have a common database, and the key and cipher type should be identical.
If they have the same domain name (ex: server1.mydomain.com, server2.mydomain.com) but different hostnames/subdomain names, then the cookies should still work fine as long as you set the domain correctly (ex .mydomain.com). If they are on the same server, you can still use a common key-value system. If they are on separate servers, you either need a common storage location (like S3) or a replication enabled key-value system like Redis or Memcached. You could also use MySQL if you need to replicate other data types, but it's very heavy for just key-value pairs.
If they have completely different domains, then cookies will not work. In that instance, you would need to reference cross-site session ids through GET query strings, and perform session migrations in the back-end using either common or replicated systems, or via some secure API. This is a very difficult system to setup and only works if you are moving between the domains using links embedded in the sites. Bookmarks or manual address input will loose session data.
Another way to acomplish what you need is to use the new funcionality of laravel passport.
Laravel already makes it easy to perform authentication via traditional login forms, but what about APIs? APIs typically use tokens to authenticate users and do not maintain session state between requests. Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes. Passport is built on top of the League OAuth2 server that is maintained by Alex Bilbie.
This will let you share data across multiple domains through an API so you can share the session and user information. This is the way most people prefer.
How can I manage the session in Oracle JET application.
I've been working on small pilot application where I need to check if the user is logged in on every request.
I didn't find any resource on the same as the framework is recently published by Oracle.
JET uses web sessions if you configure it as a web application. So authentication would be managed by the Web server.
Frank
Because of the client nature of JS source, there's no session on the JET side of your application, Session is a (HTTP) browser feature. You might handle session exactly the way you did with a pure JavaScript, JQuery, Angular or everything else application.
There may be two ways to do it
Use web server to manage the sessions.
You can store session values (some data after login REST API call) in local storage or sessions storage based on your need. For managing
session you can check in your app controller and redirect based on
that.
Hope this help, please let me know if you faced any problem. I have recently implemented session in Oracle JET based on the above points.
I am using Stripes framework for my webapp. Currently we have a requirement to implement load-balancer. To manage the user session some how I have to store the session data and access it in multiple servers to avoid logging out of users.
I am new to all this. Is there any support comes from stripes that allows to do that.
Thanks in advance for any help.
My server needs to log-in to another server (for accessing payment API). Result of successful log-in operation is a session token that is valid for 25 minutes.
Where can I store this session token so that it is available across multiple requests and multiple users? (i.e. user session is not an acceptable solution).
I need some sort of an application state or cache storage.
Just to demonstrate the problem - a file could be used to store this value, but I don't want to deal with concurrency, and security implications this solution comes with. I would prefer an in-memory solution.
You could use either the core JSession or JCache framework objects.
http://docs.joomla.org/JFactory/getSession
http://docs.joomla.org/Using_caching_to_speed_up_your_code
http://docs.joomla.org/Cache
I am trying to setup an control server application with Spring-JPA back-end and Restful web services to expose the back-end methods. My user sessions and authentication/authorization has to be handled through the back-end control server. The entire application has to be setup in clustered environment with user session replication.
I'm not able to figure out which mechanism to use to store the sessions, since the Restful Web services are stateless. I will generate a unique session token for each user session and store the session token and user attributes map as key-value pairs.
I cannot use static Maps and ServletContext to store the user session because the session replication is not possible.
One alternative is to store the user session in the Database.
Please suggest me if there is any other way by which this is possible.
Thanks,
Hari
You probably can use Cookies to store/read the session attributes. Other alternative might be to set them as URL parameters (if feasible).
on separate note, idea to store the session in DB and pass the session id across requests sounds like good plan.