I'm using Laravel on MAMP PRO (PHP 5.4). Both are vanilla installs and I got Laravel working okay.
Next, I installed Sentry.
Inside of a login function on controller:
$user = Sentry::authenticate($credentials, false); // this works. I can see the $user
But then upon an immediate redirect I use a filter:
Route::filter('auth.admin', function()
{
    var_dump(Sentry::check()); // ** this gives me a bool(false);
    die();
    if ( ! Sentry::check())
    {
        return Redirect::route('admin.login');
    }
});
So, I'm assuming that maybe there is a cookie that is not being set?
Solved...
For anyone else with this issue, this is a summary of the most common solutions on the Internet as well as how I solved my issue. I'm on MAMP/OSX, but this apparently made zero difference as I literally put up a vagrant/virtualbox and still had the same issue.
** Set 'domain' => 'yourdomain.com' in your config/session.php. EVEN IF YOU ARE ON A SUB DOMAIN like a.b.c.yourdomain.com, use ONLY the root domain (yourdomain.com) in your 'domain' variable as I just wrote it. ** This was my issue.
Make sure your session storage folder has write permissions.
Make sure you have a >0 lifetime in your session.php
Make sure you don't have whitespaces after any closing PHP which could cause the application not to shut down properly.
Try Switching between database sessions and file sessions.
As a last resort, try upgrading to 4.2, if possible. 4.1 had a known issue (as referenced in Google).
Your issue may not be with Laravel OR Sentry. It's probably a file or configuration issue as illustrated above. I pulled my hair out tracking this from Sentry to Laravel to Cookies to Session to Blah... Only to realize that it was finally a cookie issue which was caused by me not setting my ROOT domain (I was using the full
Pulling my hair out with this one.
I have an API that is working completely in both staging and production environments but recently has started returning some 404s on two of the routes locally, and I can't work out why. (No changes have been made to the site locally.)
Below is the affected route group:
Route::group(['middleware' => ['api.auth']], function () {
    Route::post('role_update', 'App\Http\Controllers\MobileApi@role_update');
    Route::post('request_items', 'App\Http\Controller\MobileApi@request_items');
    Route::post('download_log', 'App\Http\Controllers\MobileApi@download_log');
    Route::post('log_time', 'App\Http\Controllers\MobileApi@log_time');
    Route::post('log_search', 'App\Http\Controllers\MobileApi@log_search');
});
The role_update & log_time routes return 404 locally and run perfectly in production and in the staging environment.
All of these routes are shown as generated on route:list.
I have run route:clear & route:cache & route:optimize to no beneficial effect.
I know that the methods are reachable on the controller and that the middleware isn't the issue, as if I use one of the working routes' URIs to call one of the non-working route methods it works. For example, if I switch things around so that a post to download_log actually points to the role_update method the 404 disappears.
Interestingly I cannot change the URIs of any of these routes or they immediately start throwing 404s even when confirmed that they are registered in route:list. I also can't add any new routes as they all throw 404s.
This makes me suspicious that the routes are being cached and not overridden somewhere?
My local environment is Laravel Sail - there have been no updates between this working and not working.
Laravel version - 8.30.1
Any help with this would be greatly appreciated.
Thanks
N.B - we have also just noticed that the role_update route is actually returning a 404 on the production and staging servers but only from our Android application - it's working on both iOS and Postman. Very odd.
This problem occurred with me. Updating Laravel may solve it:
composer install
composer update
For anyone finding this - I am the issue - I very stupidly forgot one of the variables required to access the API - to add to my stupidity, during testing I had the API throwing 404's if that variable was missing.
The reason it was working on some environments and not others is that my Postman requests had the required variable in them just by chance! Obviously this would usually throw an error that I could work out, but I had forced it to be 404s during development.
Sorry for any time taken thinking about this!
When testing my application and trying to create a new user then on form submission I am getting error 419.
If I use a helper to log in using Auth::loginUsingId(x) for an existing user then dd(auth()->user()) is successful but when I redirect to another page the user is no longer logged in. eg running the following code, you end up getting redirected to /login:
Route::get('/logInAs/{id}', function ($id) {
    Auth::loginUsingId((int) $id);
    dd(\auth()->user());
    return redirect()->route('dashboard');
});
I would share more code but I'm not sure what would be useful at this point?
I've probably spent about seven hours trying to fix this so far. It's driving me up the wall!
The app works fine on other environments, such as staging. I've even gone so far as to re-download it from github as a fresh install (in case I was messing about in vendor directory and changed something), but that hasn't fixed it.
I get the same issue on Chrome, using different signed in users on Chrome, using incognito mode on Chrome, using Firefox, and using valet share and accessing my local version on another device, like a phone, so I don't think it is to do with browser caching.
When other devs working on the project run it locally on their machines I haven't had reports of this issue, so it seems to just be my local environment.
I've variously tried changing CACHE_DRIVER and SESSION_DRIVER in .env to no joy, but I'm beginning to lose the will to live so don't really know if I'm doing the right thing there - please help if you can!!
Edit to add more detail:
Middleware on the dashboard route:
Route::middleware(['auth:sanctum', 'verified'])->group(function(){
    Route::get('/dashboard', DashboardController::class)->name('dashboard');
});
If I remove the middleware then I just get an error that user is null on dashboard.blade.php, ie the user is still not staying logged in.
A custom middleware:
class VerifyUserIsMerchant
{
    public function handle(Request $request, Closure $next)
    {
        if ($request->user()->isMerchant()) {
            return $next($request);
        }
        throw new AccessDeniedHttpException('You must be a merchant to access this page');
    }
}
If I dd($request->user()) in this middleware it returns null.
The issue got fixed with the help of Laracasts. The full answer is here.
In short, I needed to remove the http:// protocol from SESSION_DOMAIN in .env and set it to match APP_URL.
This was the correct answer for this issue. It was deleted by a moderator. Moderator, before you delete this answer as well please can you explain why?
It provides the full answer to the issue raised in the question. I did not find this answer to this issue anywhere else (hence why it took me several days of debug to fix).
If I can know why it was deleted, I can then understand how to avoid making answers in the future that also would be deleted. Thank you.
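The two session-domain fixes reported above (the root domain in config/session.php, and SESSION_DOMAIN without http://) both come down to the browser's cookie domain-matching rule. The following is an added example, not code from any of the posts; the function names and the sample APP_URL / SESSION_DOMAIN values are constructed for illustration.

```php
<?php
// Added example: audits a SESSION_DOMAIN value against APP_URL using the
// cookie domain-matching rule of RFC 6265, section 5.1.3.

/** True when $host equals $cookieDomain or is a subdomain of it. */
function domainMatches(string $host, string $cookieDomain): bool
{
    $host = strtolower($host);
    $cookieDomain = strtolower(ltrim($cookieDomain, '.')); // a leading dot is ignored
    if ($host === $cookieDomain) {
        return true;
    }
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false; // IP addresses only match exactly
    }
    $suffix = '.' . $cookieDomain;
    return strlen($host) > strlen($suffix)
        && substr($host, -strlen($suffix)) === $suffix;
}

/** Returns the reasons a browser would not keep or return the session cookie. */
function auditSessionDomain(string $appUrl, ?string $sessionDomain): array
{
    $host = parse_url($appUrl, PHP_URL_HOST);
    if (!is_string($host)) {
        return ['APP_URL has no host part'];
    }
    if ($sessionDomain === null || $sessionDomain === '') {
        return []; // host-only cookie, returned to the exact host that set it
    }
    $problems = [];
    if (strpos($sessionDomain, '://') !== false) {
        $problems[] = 'contains a URL scheme; the Domain attribute is a bare host name';
    } elseif (strpbrk($sessionDomain, '/:') !== false) {
        $problems[] = 'contains a port or path';
    }
    if (!domainMatches($host, $sessionDomain)) {
        $problems[] = "does not domain-match '{$host}', so the cookie is rejected";
    }
    return $problems;
}

// Constructed sample values (APP_URL, SESSION_DOMAIN); not taken from the posts.
$cases = [
    ['http://myapp.test', 'http://myapp.test'],
    ['http://a.b.example.com', 'example.com'],
    ['http://a.b.example.com', 'c.example.com'],
    ['http://localhost:8000', null],
];
foreach ($cases as [$appUrl, $domain]) {
    $problems = auditSessionDomain($appUrl, $domain);
    $verdict = $problems ? implode('; ', $problems) : 'ok';
    printf("%-24s %-20s %s\n", $appUrl, var_export($domain, true), $verdict);
}
```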
I want to run my application on localhost with php artisan serve, but I get this error: unserialize(): Error at offset 0 of 40 bytes. Where is my problem?
You have to generate a new key because
php artisan key:generate
After that test again to run the Laravel Application
php artisan serve
I got the same error when I upgraded a Laravel 5.5 app to 5.6. The error comes from the EncryptCookies middleware.
Delete the cookies in your browser and/or clear your session-files in your Laravel app.
I've faced same problem. I frequently faced this problem in Homestead-vagrant environment.
To solve this issue in Laravel 5.4,5.5,5.6 or more -
php artisan config:clear
php artisan view:clear
php artisan key:generate
I got the same error a couple of days ago when I pushed a production update to my Laravel project from Envoyer.
Immediate fix:
I tried to rollback to the previous commit but the issue persisted which means the issue was originating from the client side, cookies probably. I tried removing cookies and the issue was gone.
Later, I spent a lot of time looking for this issue but got nothing until I faced this issue again today with another deployment and I found this article on Laravel News about the security fix 5.6.30 update. I was able to identify that this issue occurs if I try to deploy a previous (< 5.6.30) version of Laravel, v5.6.26, for a project which was already using > v5.6.30 and cookies were already created (not serialized), which, when the < 5.6.30 version of the framework tries to unserialize them, results in an error because they're not properly serialized.
Installing laravel/framework (v5.6.26)
Loading from cache
From the upgrade guide:
Configuring Cookie Serialization Since this vulnerability is not able
to be exploited without access to your application's encryption key,
we have chosen to provide a way to re-enable encrypted cookie
serialization while you make your application compatible with these
changes. To enable / disable cookie serialization, you may change the
static serialize property of the App\Http\Middleware\EncryptCookies
middleware:
I was able to fix this issue permanently by clearing cache of composer so forcing it to load latest version of the framework instead of falling back to cache.
Hope this helps.
Bests,
Just inspect the element in the browser, go to the Application tab, select Cookies and delete all the cookies. That's it.
In App\Exceptions\Handler under render function use this snippet, it will reset browser cookie.
if (str_contains($exception->getMessage(), 'unserialize')) {
    $cookie1 = \Cookie::forget('laravel_session');
    $cookie2 = \Cookie::forget('XSRF-TOKEN');
    return redirect()->to('/')
        ->withCookie($cookie1)
        ->withCookie($cookie2);
}
In my case I removed my composer.lock and did a composer install and voila...
$ cd project_root
$ rm composer.lock
$ composer install
I also encountered this issue when I happened to update my composer.
If you put
protected static $serialize = true;
inside App\Http\Middleware\EncryptCookies, the old cookie will break your system. So to prevent this, either you have to clear the cookie, or just don't unserialize the decrypted cookie.
I made a workaround for this:
Inside vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php
Above this line of decrypt() function:
return $unserialize ? unserialize($decrypted) : $decrypted;
add:
try {
    return $unserialize ? unserialize($decrypted) : $decrypted;
} catch (\Exception $e) {
    return $decrypted;
}
This might be ugly, but you can temporarily put it there until you think the old cookies have gone.
In my case, I was trying to decrypt a hash with a wrong function.
I was creating encrypt using encryptString()
$hash = Crypt::encryptString('secret');
but I tried to decrypt using decrypt()
$value = Crypt::decrypt($hash);
the correct way is
$value = Crypt::decryptString($hash);
So when you encrypt using Crypt::encrypt() you must decrypt it using Crypt::decrypt(), and for Crypt::encryptString() use Crypt::decryptString()
The first thing you should do is clear the configuration cache file
php artisan config:clear
Then create a new key for the application
php artisan key:generate
Finally, restart the server.. I hope it will fix your problem.
In my case it happened during local development.
The steps that caused the problem were:
I upgraded Laravel up to 5.8 on a separate branch.
I switched to another branch having Laravel 5.2 (in my case I had to review a PR)
I was also logged in to my app and hence there was a session cookie as well. In that case I just cleared the browser's cookies and got fresh ones.
In Firefox this can be done by visiting about:preferences#privacy and selecting the appropriate option, as the following images show (in Greek).
[Image: privacy settings, with an indication of where the user should click]
Another approach to diagnose the issue is to open a private Firefox window or use Chrome's incognito mode.
yeah, for localhost you can just delete cookies, but for production put this in your error handler so users would not see whoops :
if (strpos($exception->getMessage(), 'unserialize(): Error at offset 0 of 40 bytes') === 0) {
    unset($_COOKIE['laravel_session']);
    unset($_COOKIE['XSRF-TOKEN']);
    setcookie('laravel_session', null, -1, '/');
    setcookie('XSRF-TOKEN', null, -1, '/');
    abort(200, '', ['Location' => route('frontend.home')]);
}
PS. tested for laravel 5.6.
you will just run in terminal
composer global update
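Several answers above trace the error to a value that was written without serialize() and then read with unserialize() (cookies across the 5.6.30 change, or encryptString() paired with decrypt()). The following is an added example in plain PHP, not code from the posts or from the framework; the function names and the 40-character value are constructed, and encryption is omitted because the failure happens after decryption.

```php
<?php
// Added example in plain PHP, no Laravel classes. Encryption is left out:
// the error is raised after decryption, when unserialize() is applied.

/** Runs unserialize() without object creation; returns [value, notice text]. */
function tryUnserialize(string $plaintext): array
{
    $notice = null;
    set_error_handler(function ($level, $text) use (&$notice) {
        $notice = $text;
        return true;
    });
    $value = unserialize($plaintext, ['allowed_classes' => false]);
    restore_error_handler();
    return [$value, $notice];
}

/** Reads a string value that was stored either serialized or raw. */
function readEitherFormat(string $plaintext): string
{
    // A serialized PHP string starts with  s:<length>:"
    if (preg_match('/^s:\d+:"/', $plaintext) === 1) {
        [$value] = tryUnserialize($plaintext);
        if (is_string($value)) {
            return $value;
        }
    }
    return $plaintext; // raw value, as written when serialization is off
}

$sessionId  = str_repeat('x9y8z7w6', 5);   // constructed 40-character value
$serialized = serialize($sessionId);       // format written with serialization on
$raw        = $sessionId;                  // format written with serialization off

// A reader that expects the serialized format is handed the raw one.
[$value, $notice] = tryUnserialize($raw);
var_dump($value);
echo $notice, "\n";

// A reader that accepts both formats, still without instantiating objects.
var_dump(readEitherFormat($serialized) === $sessionId);
var_dump(readEitherFormat($raw) === $sessionId);
```

The `allowed_classes => false` option keeps the tolerant reader from creating objects out of cookie data, which is the risk the upgrade guide quoted above refers to.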
I'm building a web app on my local system (Ubuntu 14.04 64-bit) using Laravel 5.3. I used Socialite to sign in from social networks. I configured G+, Facebook, GitHub. I'm using Chromium as my default browser. Finally, the problem is I'm getting
InvalidStateException in AbstractProvider.php line 200
frequently. i tried
php artisan cache:clear
php artisan config:clear
composer dump-autoload
These help to solve the issue temporarily, but then the problem arises again.
please help me in this issue..
I have the same issue and I've read a lot about this; it depends on whether the URL where you are at the moment of the login request has www. at the beginning or not.
Into config\services.php, if you have the redirect set as http://sitename.tld/callback/facebook the oauth works if you send the login request from sitename.tld, while if you try from www.sitename.tld you get the exception.
I haven't yet understood how to have it working with and without www at the beginning.
If the AbstractProvider.php line 200 fires the exception when the state of the user is not present means that the User cannot be created.
First check your code when you get the details from the provider(facebook, github) if you create a user and you return it.
If you have managed and logged in your app and you deleted the user from the user table remember to delete also the data from the socialite account table.
I was getting that exception because 'state' wasn't saved in session. But I was using asPopup method - Socialite::driver('facebook')->asPopup()->redirect(); so I saved session then - $request->session()->save();. So I solved this issue.
or try
session()->put('state', $request->input('state'));
$user = Socialite::driver('facebook')->user();
it works
I had the same issue and solved it in 3 steps:
Add Request at the top
use Illuminate\Http\Request;
Pass request object to function
public function handleProviderCallback(Request $request)
{
    try {
        $user = Socialite::driver('facebook')->user();
    } catch (Exception $e) {
        throw new Exception;
    }
}
Clear cache.
php artisan cache:clear
I had the same error but my solution was a little different. I am posting here just in case someone else keeps hitting this post like I did for a possible answer.
I develop on Ubuntu 18.04 desktop since it is a server with a GUI. Socialite works great locally but as soon as I pushed/pulled the changes through git to the server, it quit.
I was running traces by recording what was sent to and from google. I "dd($_GET)" to get a raw dump before Socialite had a chance to get the info so I knew what was stored and ready for use. All info was there but Socialite didn't seem to "see" it. That is when I reasoned it was my apache2 header configuration interfering with the cookies/session data.
I had set header security in my apache2 configs. One of the settings was
Header always edit Set-Cookie ^(.*) "$1;HttpOnly;Secure;SameSite=Strict"
This setting was interfering with the cookie information that socialite needed. I removed that setting from my apache2 header config(by commenting out) and restarted Apache. Finally I removed all sessions in storage/framework/session/* and cleared them from my browser just to be sure. That worked for me.
After I got it working, one by one enabled and tested each of the following settings to have the framework secure what header info it can:
SESSION_SECURE_COOKIE=true
in my .env file
'http_only' => true, and
'same_site' => 'lax'(setting to "strict" did not seem to work)
in my config/session.php file.
Now it is back to testing security and tweaking things back if need be.
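Why the Apache rule in the last answer makes the state check fail while 'same_site' => 'lax' works can be shown by modelling the browser's SameSite decision for the OAuth callback. The following is an added example, not code from the post; the function names and the Set-Cookie value are constructed, and a missing SameSite attribute is assumed to default to Lax.

```php
<?php
// Added example: applies the effect of
//   Header always edit Set-Cookie ^(.*) "$1;HttpOnly;Secure;SameSite=Strict"
// to a Set-Cookie value and models the browser's SameSite decision.

/** Appends the attributes the way the Apache rule above does. */
function apacheEdit(string $setCookie): string
{
    return $setCookie . ';HttpOnly;Secure;SameSite=Strict';
}

/** Effective SameSite value; when the attribute repeats, the last one wins. */
function effectiveSameSite(string $setCookie): string
{
    $sameSite = 'lax'; // assumption: browser treats a missing attribute as Lax
    foreach (array_slice(explode(';', $setCookie), 1) as $attribute) {
        $parts = array_map('trim', explode('=', $attribute, 2));
        if (strtolower($parts[0]) === 'samesite' && isset($parts[1])) {
            $sameSite = strtolower($parts[1]);
        }
    }
    return $sameSite;
}

/** Whether the browser attaches the cookie to a request. */
function cookieIsSent(string $sameSite, bool $crossSite, bool $topLevelGet): bool
{
    if (!$crossSite || $sameSite === 'none') {
        return true;
    }
    // Lax cookies ride along on cross-site top-level GET navigations; Strict never do.
    return $sameSite === 'lax' && $topLevelGet;
}

// Constructed Set-Cookie value in the shape Laravel emits for the session.
$fromApp = 'laravel_session=CONSTRUCTED; path=/; httponly; samesite=lax';
$headers = ['as set by the app' => $fromApp, 'after Apache edit' => apacheEdit($fromApp)];

// The OAuth callback is a top-level GET that the provider's site initiated.
foreach ($headers as $label => $header) {
    $sameSite = effectiveSameSite($header);
    $sent = cookieIsSent($sameSite, true, true);
    printf("%-18s SameSite=%-6s session cookie on callback: %s\n", $label, $sameSite,
        $sent ? 'sent, state can be compared' : 'missing, state check fails');
}
```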
I have a Laravel site set up on a Homestead box, so I'm accessing it on sitename.app:8000. I have a route called "news" but when I try to go to sitename.app:8000/news I get oddly bounced out to sitename.app/news/.
If I change the routename to "news2" I can access the desired controller action as per normal at sitename.app:8000/news2. So somehow it's "news" itself that has become uncooperative - and I'm pretty sure that we aren't even getting as far as the NewsController, when I try to access that url.
Can anyone work out from these symptoms what might be going wrong? One "news"-related change I made at some point was to add $router->model('news', "App\News"); in the boot method of the RouteServiceProvider, but removing this doesn't seem to make the difference.
ETA: People keep asking for the routes.php file. I can literally remove everything from the file except
Route::get('news', function() {
    return "hello world";
});
Route::get('news2', function() {
    return "hello world";
});
and /news2 will work but /news will bounce me out. So I remain pretty convinced that the problem is somewhere deeper than routes.php...
I finally worked out what boneheaded action of mine had been causing this behaviour!
I had created a folder in /public named "news"... i.e. with the same name as an important route. Not sure exactly what havoc this was wreaking behind the scenes for Laravel every time a request for /news was being made, but one can assume it was nothing good.
Advice for anyone tearing their hair out over a route that "mysteriously doesn't work" - check your public folder for possible collisions!
This is a known issue: Laravel missing port
The easiest way to solve this problem is to go to public/index.php and set the SERVER_PORT value.
$_SERVER['SERVER_PORT'] = 8000;
Don't forget to set the base url in the config if you are using links on website, the url generator uses the base-url defined in the config.
The last option is to change the VM port forward in VagrantFile to point to port 80 and use port 80 for your app.