I'm working on my first laravel project and I've started making user accounts for initial folks to have a look.
In EventServiceProvider.php, I listen for logins (and the UpdateLoginInfo updates the users' logins count and last login date) like so:
protected $listen = [
'auth.login' => [
'App\Events\UpdateLoginInfo',
],
];
It's been working fine from the get-go, but yesterday I had a new user log in (and she even took actions in the app), but mysteriously the login count/date was never updated on the way in!
I've confirmed that it works for me with her account, in chrome, firefox, and IE... Papertrail doesn't have any clues- where else should I be looking for clues, or to try to reproduce it? Is it something browsers/settings can interfere with?
Related
When testing my application and trying to create a new user then on form submission I am getting error 419.
If I use a helper to log in using Auth::loginUsingId(x) for an existing user then dd(auth()->user()) is successful but when I redirect to another page the user is no longer logged in. eg running the following code, you end up getting redirected to /login:
Route::get('/logInAs/{id}', function ($id) {
Auth::loginUsingId((int) $id);
dd(\auth()->user());
return redirect()->route('dashboard');
});
I would share more code but I'm not sure what would be useful at this point?
I've probably spent about seven hours trying to fix this so far. It's driving me up the wall!
The app works fine on other environments, such as staging. I've even gone so far as to re-download it from github as a fresh install (in case I was messing about in vendor directory and changed something), but that hasn't fixed it.
I get the same issue on Chrome, using different signed in users on Chrome, using incognito mode on Chrome, using Firefox, and using valet share and accessing my local version on another device, like a phone, so I don't think it is to do with browser caching.
When other devs working on the project run it locally on their machines I haven't had reports of this issue, so it seems to just me my local environment.
I've variously tried changing CACHE_DRIVER and SESSION_DRIVER in .env to no joy, but I'm beginning to lose the will to live so don't really know if I'm doing the right thing there - please help if you can!!
Edit to add more detail:
Middleware on the dashboard route:
Route::middleware(['auth:sanctum', 'verified'])->group(function(){
Route::get('/dashboard', DashboardController::class)->name('dashboard');
});
If I remove the middleware then I just get an error that user is null on dashboard.blade.php, ie the user is still not staying logged in.
A custom middleware:
class VerifyUserIsMerchant
{
public function handle(Request $request, Closure $next)
{
if ($request->user()->isMerchant()) {
return $next($request);
}
throw new AccessDeniedHttpException('You must be a merchant to access this page');
}
}
If I dd($request->user()) in this middleware it returns null.
The issue got fixed with the help of Laracasts. The full answer is here.
In short, I needed to remove the http:// protocol from SESSION_DOMAIN in .env and set it to match APP_URL.
This was the correct answer for this issue. It was deleted by a moderator. Moderator, before you delete this answer as well please can you explain why?
It provides the full answer to the issue raised in the question. I did not find this answer to this issue anywhere else (hence why it took me several days of debug to fix).
If I can know why it was deleted, I can then understand how to avoid making answers in the future that also would be deleted. Thank you.
I'm at a loss here... I'm using Laravel 8 with the jetstream inertia stack. I've setup event listeners in my EventServiceProvider to log various authentication events but the events don't seem to fire as expected. Login and Logout both work as expected, but I can't figure out the logic behind Attempting and Failed. Attempting only seems to fire when I successfully login. If I pass an invalid email/password it never fires. And I can't seem to figure out when Failed ever fires. All I want to accomplish is logging attempts to login to my system, even if they are providing invalid credentials.
Here's my EventServiceProvider. All the listeners are very simple with just a line to log a message in the handle() method.
protected $listen = [
\Illuminate\Auth\Events\Attempting::class => [
\App\Listeners\Auth\LogAttemptingLogin::class
],
\Illuminate\Auth\Events\Login::class => [
\App\Listeners\Auth\LogSuccessfulLogin::class,
],
\Illuminate\Auth\Events\Logout::class => [
\App\Listeners\Auth\LogSuccessfulLogout::class,
],
\Illuminate\Auth\Events\Failed::class => [
\App\Listeners\Auth\LogFailedLogin::class,
]
];
I'm experiencing the same issues with exact same stack. It feels like LogFailedLogin not triggering is a bug or something.
I opened an issue as I'm having an hunch that it has to do with Fortify: https://github.com/laravel/fortify/issues/145.
Edit: It's a confirmed bug at the time of writing.
I just uploaded a project from my local machine via FTP and it seems that the live server is working differently after trying to log in.
On the live server it's not authenticating. It gets to the __construct on AuthController.php but goes right back without errors (again, on local it works fine).
I tried adding this in Authcontroller.php:
public function postLogin(Request $request){
die();
}
And it didn't even reach it on server (it did on local).
I tried playing with the routes and instead of this:
Route::controllers([
'auth' => 'Auth\AuthController',
'password' => 'Auth\PasswordController',
]);
I did this:
Route::post('auth/login','Auth\AuthController#postLogin');
Route::get('auth/login','Auth\AuthController#getLogin');
Didn't help on the server (local still worked fine).
I tried clearing my browser's cache, artisan cache, artisan config cache and basically anything I could find.
I tried re-uploading files from local to the server and nothing seems to work.
The most important thing here (I think) is that when I created the postLogin function it didn't even go in. That should be a huge tip if I actually knew what that meant.
The log didn't give me any errors.
Thank you #Bagus Tesa for asking to see the login file!!!
In the action of the form I added a parameter I was using for something but for some reason that's what was screwing everything up.
The important thing is that it works now...
Thanks so much!
Recently I moved my cakephp site from a hosting service to an other. The page was working like a charm, but now I'm having the issue, that my sessions randomly drop.
I'm on a shared hosting service, so I changed cake's session defaults from php to cake, now my sessions are saved to my tmp/sessions folder. (but it wasn't working with php either)
Followed my session's way with Firebug:
When i log into the page, i have a Sessionid, and in the tmp/sessions folder i have the corresponding sess_{sessionid} file too.
After a few clicks on some pages (totally random) my sessionid changes and i'm "logged out".
The session file with which i've logged in, remained in the directory.
My session settings in core.php right now:
Configure::write('Session', array(
'defaults' => 'cake'
));
I'm using the 2.3.8 version of Cake.
Update:
Finally i found the problem thanks to Nick. I checked the Cakephp error files, and found out that i only got logged out, when i visited a page containing an element, which was not on the server ( eg a picture was missing). So i went to Firebug, and check what the Net tab says. On the new Host service i got a 404 Not Found response AND a new session id set in the response, whilst on the other servers i tested the page, i simply got a 404 Not Found. If i randomly generate links to not existing files like (domain/test.jpg) i get the same results.
Try these settings, in Firefox you can install the web develop extension, then you can view your cookie to see if it is all set correct.
Configure::write('Session', array(
'defaults' => 'php',
'cookie' => 'yourdomain',
'timeout' => 44640,
));
Check any components that you are using for whitespace (usually at the end of the file).
I came across this recently whilst helping a client with their existing CakePHP site, when logged in one particular page that called a component was killing $this->Session->read(‘Auth’).
There is a CakePHP shell that you can use to find whitespace.
i am working on a Cakephp 2.x ... i am using auth component ... the problem write now is that the session automatically expires after some minutes.. i mean if the user does nothing then CakePHP logs them out after some period...i want to make the session time forever unless he click the logout button ..i dont know how to to do this .. any help would be greatly appreciated
Here's my config code:
Configure::write('Session', array(
'defaults' => 'php'
));
I think the problem is that you're using the default php sessions and they are configured (in php.ini) to expire sooner than you want to. See.
If you want your logins to live forever it's probably better to use cookie based login. See this plugin for instance.