Can't get stock auth controller to work - laravel

The auth controller keeps redirecting me back to the home page. A session is being set fine. I am using cookies as the driver.
A session cookie is being set, but Session Storage, viewed with Chrome Developer Tools, is empty.
It redirects fine if I comment out the redirect()->guest('/'); in the middleware. That means it keeps authenticating as a guest, and if I var_dump(Auth::user()); I get NULL.

Maybe you need this. I answered it in another question here:
Laravel 5.2 - Every route redirects to the homepage

Related

Session destroy after redirect from payment gateway in codeigniter 3

When a payment gateway like payumoney, ccavenue, paytm etc. redirects to the callback URL or redirect URL (that is, after payment success or failure), we are able to collect data from the gateway, but unfortunately the session is sometimes destroyed automatically. Sometimes I am able to collect the session data and sometimes all the session data is destroyed. As far as I can check, the session is not actually destroyed; instead a new session file is created or the session ID is regenerated.
There is no white space and there are no special characters. I have also tried storing the session in the database, but that did not help.
I also changed system/libraries/session/session.php.
I have also tried this:
session destroying in codeigniter after redirecting
Add these lines to your code
ini_set('session.cookie_samesite', 'None');
ini_set('session.cookie_secure', true);
Comment out the line below if you have it in your code
ini_set('session.use_strict_mode', 1);
This solution worked for me in core PHP; try this in CodeIgniter and check if it works.
This issue is related to the SameSite cookie policy (a browser policy); it is not related to the payment gateway.
Please follow the steps below to fix it.
Use Cookie with SameSite None - https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md
OR
Add the below in .htaccess (It can be help
Header always edit Set-Cookie (.*) "$1; SameSite=None"
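
The cookie attributes both answers depend on, as an added example (not code from either answer): current browsers only accept a SameSite=None cookie when it also carries Secure, which the .htaccess rule above does not add on its own. The function names are hypothetical, the header values are constructed samples, and the options-array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Configure the session cookie so it is sent on the cross-site redirect
// back from the payment gateway. Call this before session_start().
function configureCrossSiteSessionCookie(): void
{
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, cleared when the browser closes
        'path'     => '/',
        'secure'   => true,    // required: SameSite=None without Secure is rejected
        'httponly' => true,    // keep the session id away from page scripts
        'samesite' => 'None',  // allow the cookie on the gateway's cross-site return
    ]);
}

// Return the Set-Cookie header values that ask for SameSite=None but lack
// Secure. Browsers drop these, so every return trip starts a new session.
function findRejectedSameSiteNone(array $setCookieValues): array
{
    $rejected = [];
    foreach ($setCookieValues as $value) {
        // Attributes follow the first "name=value" pair, separated by ";".
        $attrs = array_map('trim', array_slice(explode(';', $value), 1));
        $attrs = array_map('strtolower', $attrs);
        $none   = in_array('samesite=none', $attrs, true);
        $secure = in_array('secure', $attrs, true);
        if ($none && !$secure) {
            $rejected[] = $value;
        }
    }
    return $rejected;
}

// Constructed sample headers: the second is what a rule that only appends
// "; SameSite=None" yields for a cookie that was set without Secure.
$sample = [
    'ci_session=abc123; path=/; Secure; HttpOnly; SameSite=None',
    'ci_session=abc123; path=/; HttpOnly; SameSite=None',
];
print_r(findRejectedSameSiteNone($sample));
```

Running the check over the Set-Cookie headers of a real response (for example from the browser's network tab) shows whether the session cookie will survive the gateway's redirect.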

Laravel: Login form "Remember Me" functionality not working

One of my websites was developed in Laravel, and it was working fine before. I want to move the website from beta.example.com to example.com, so I have pointed to beta with the original domain name (example.com).
The website is working fine, but the remember me functionality is not working at all. Now users have to enter the password, and even if they check the check box (remember me), it still does not store the password in cookies or the session.
Please help me.
Thank you
You have two options:
1) Add a remember_token column to your users table - this is where the token will be stored.
2) Pass true as the second parameter of Auth::attempt() to enable remember me behaviour.
If you do this, Laravel will generate a token that will be saved in the users table and in a cookie.
On subsequent requests, even if the session cookie is not available, the user will be authenticated automatically as long as the remember-me cookie is there.

Sentry Cookie not attaching

I am working on a Laravel 4 application and using Sentry for authentication. I need to add Keep Me Logged In functionality to my application. I have googled around and found that passing a second variable to Sentry::login($user, $remember) sets up a cookie. I have done that and can verify that it is working from the browser (Chrome). But somehow, whenever I try Sentry::check() after a day, it returns null for cookies, even when the cookie is present in the browser. Can anyone point out what I am doing wrong? The same happens when I attach my custom cookie to the response.
This scenario happens on my production server. Whereas it works fine on my local server.
PS: Lifetime of the cookie is set to forever (5 Years)
After working on the issue for some time, I was finally able to resolve it by creating a custom cookie and attaching it to the response after login. I then wrote a middleware to check for that cookie. If it is present, log the user in and continue.
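
How a remember-me cookie like the one in the Laravel answer and the Sentry workaround above can be issued and checked, as an added framework-free sketch (not Laravel's or Sentry's own code). The $users array stands in for a users table with a remember_token column; the function names and the "id|token" cookie layout are assumptions.

```php
<?php
declare(strict_types=1);

// Issue a remember-me token: the random token goes into the cookie and only
// its SHA-256 hash is stored, so a leaked table cannot be replayed as cookies.
function issueRememberToken(array &$users, int $userId): string
{
    $token = bin2hex(random_bytes(32));               // 256 bits from the CSPRNG
    $users[$userId]['remember_token'] = hash('sha256', $token);
    return $userId . '|' . $token;                    // value to place in the cookie
}

// Middleware-style check: return the user id the cookie authenticates, or
// null when the cookie is malformed, unknown, or does not match.
function userFromRememberCookie(array $users, string $cookie): ?int
{
    $parts = explode('|', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    [$id, $token] = [(int) $parts[0], $parts[1]];
    $stored = $users[$id]['remember_token'] ?? null;
    if (!is_string($stored)) {
        return null;                                  // never issued, or revoked
    }
    // hash_equals compares in constant time to avoid a timing side channel.
    return hash_equals($stored, hash('sha256', $token)) ? $id : null;
}

// Logging out must clear the stored token so an old cookie stops working.
function revokeRememberToken(array &$users, int $userId): void
{
    $users[$userId]['remember_token'] = null;
}

// Constructed demo data: one user row with no token yet.
$users  = [42 => ['email' => 'user@example.com', 'remember_token' => null]];
$cookie = issueRememberToken($users, 42);

var_dump(userFromRememberCookie($users, $cookie));                      // genuine cookie
var_dump(userFromRememberCookie($users, '42|' . str_repeat('0', 64))); // forged token
revokeRememberToken($users, 42);
var_dump(userFromRememberCookie($users, $cookie));                      // after logout
```

When the value is sent to the browser, set the cookie with Secure and HttpOnly and with a domain that matches the host users actually visit.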

Keycloak logout request does not log out user

I am currently working on a small project using Keycloak 2.5.0.
I've already set up the user login and I'm now trying to implement a page-wide logout button.
As the documentation states, I simply called the route
http://my-auth-server/auth/realms/master/protocol/openid-connect/logout?redirect_uri=http://application-root.com/
For the sake of simplicity I used an anchor tag to make this GET request.
If I take a look at the Network tab of the Firefox developer tools, everything seems to be working fine. I am getting back a 302 status code for the redirection request. After that, the application successfully requests http://application-root.com/ with a status code of 200 and redirects me to this page.
But when I want to request the locked content again (the one secured by Keycloak), it's still accessible.
But whenever I manually delete the JSESSIONID and KEYCLOAK_ADAPTER_STATE cookies after the redirection, everything works fine and I'm logged out correctly. Sadly, I can't delete those cookies programmatically because they are HttpOnly.
What is the expected behaviour of this request?
Am I missing something?
Has anyone experienced anything similar?
Thanks for any help
I implemented logout using Keycloak version 4.8.3. The mandatory parameter is the ID token (id_token_hint). The optional parameter is the redirect URL (post_logout_redirect_uri).
Example:
http://my-auth-server/auth/realms/master/protocol/openid-connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJEY0gyNnl0OFV0OEJQTGxoR&post_logout_redirect_uri=http:%2F%2Fapplication-root.com%2F

How to access codeigniter session variable from external site

I've been trying to add a messageboard to my CodeIgniter web site. Everything has gone well except for one little part: I'd like my login from the main site to carry over to the messageboard. Since the messageboard is not able to run in CodeIgniter, I made a subdomain to run the messageboard in. This means that the main site and the messageboard do not share cookies. The messageboard is Phorum-powered, so there's a hook that I can use to sign in if I have the user_id of my user. In other words, my problem basically boils down to being able to run a function on one domain that can get the user_id variable stored in the session of another domain.
Here are the things I've tried:
Setting up a controller in CodeIgniter that uses ci->session to echo the user_id. Then in the messageboard, I used CURL to fetch the output of the CodeIgniter controller. This doesn't seem to work because CURL doesn't carry cookies or sessions or something, so CodeIgniter can't access its session when called through CURL.
Same thing but with file_get_contents. File_get_contents is disabled on my server.
I'm pretty much out of ideas. Does anyone know a function I could write that would get me a CI session-stored user_id from a different domain?
Here are two things you can try:
1) Host the forum in a subdirectory of your CodeIgniter project. So your two websites will have the URLs http://mysite.com/ and http://mysite.com/forum. Now that they share the same domain, you can access the session.
2) In your forum login page, display the message "auto-signing in". On that same page add an iframe in the HTML with the src="http://mysite.com/autologin/tokenid", but hide it with CSS. The autologin page will have CI session information, which you can temporarily make available to the world via a hard-to-guess tokenid and by echoing $_SESSION['user_id']. Remember to expire this page when you are done with it. Then refresh the forum's login page and use CURL to grab the publicized session information at http://mysite.com/autologin/tokenid. This is full of security flaws, so do it only as a last resort.
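
A less exposed way to carry the login across, shown as an added example rather than anything from the answer: instead of publishing the session value at a token URL, the main site hands the forum a short-lived token signed with a secret that both sites hold. The function names, the token layout, the shared secret and the 60-second lifetime are all assumptions.

```php
<?php
declare(strict_types=1);

// Main site: mint a short-lived token naming the logged-in user, signed with
// a secret shared by both sites (assumption: kept in server-side config).
function mintHandoffToken(int $userId, string $secret, int $now, int $ttl = 60): string
{
    $payload = $userId . '.' . ($now + $ttl);        // user id and expiry time
    $mac = hash_hmac('sha256', $payload, $secret);
    return $payload . '.' . $mac;
}

// Forum: accept the token only if the MAC matches and it has not expired.
// The token stays valid until expiry, so keep the lifetime short.
function verifyHandoffToken(string $token, string $secret, int $now): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;                                  // malformed token
    }
    [$userId, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '.' . $expires, $secret);
    if (!hash_equals($expected, $mac)) {              // constant-time comparison
        return null;                                  // forged or altered
    }
    return ((int) $expires >= $now) ? (int) $userId : null;
}

// Constructed demo values; the secret is a placeholder.
$secret = 'replace-with-a-long-random-secret';
$now    = 1700000000;
$token  = mintHandoffToken(1337, $secret, $now);

var_dump(verifyHandoffToken($token, $secret, $now + 30));   // inside the lifetime
var_dump(verifyHandoffToken($token, $secret, $now + 120));  // expired
var_dump(verifyHandoffToken('1338' . substr($token, 4), $secret, $now + 30)); // id altered
```

The token would travel on the redirect from the main site to the forum over HTTPS, and the forum passes the returned user id to its Phorum sign-in hook.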
