thedarklord47

Reputation: 3332

Can I store an access Cookie in a Laravel session?

I am working with a remote API that is normally accessed directly via JavaScript. In the normal flow, the user authenticates by sending Auth headers and in return is granted a cookie.

What I am trying to do is send auth headers from a Laravel app, authenticate in the app controller, and provide API access through Laravel controller functions.

I was hoping this would be as simple as authenticating and sending my subsequent API calls, hoping that the cookie given to the PHP server would continue to grant authentication.

Well, that doesn't work and that's fine, but now I am thinking that I need to store my access cookie in the Session, and send it in the headers for future API calls.

Will this work/how can I go about this? My supervisors don't want to implement OAuth type tokens on the remote server and to me that seems like the best route, so I am a bit stuck.

Upvotes: 0

Views: 2941

Answers (2)

thedarklord47

Reputation: 3332

Cookies cannot be shared across multiple hosts. The cookie (on the client) is only valid for the path which set it.

Upvotes: 1

Nolan

Reputation: 916

EDIT - ADDING ADDITIONAL AUTH DETAIL

Setting up remember me in Laravel

  1. When migrating (creating) your User table, add $table->rememberToken() to create that column in your User table.
  2. When the user signs up to your service, add a check box to allow them to make the decision, OR you can just set it to true if you don't want to offer the user the option, as described in step 3.

    <input type="checkbox" name="remember">

  3. In your controller, add the following code:

    if (Auth::attempt(['email' => $email, 'password' => $password], $remember)) {
        // The user is being remembered...
    }

The Users table must include the string remember_token column per step 1. Now, assuming you have added the token column to your User table, you can pass a boolean value as the second argument to the attempt method, which will keep the user authenticated indefinitely, or until they manually log out, i.e. Auth::attempt($credentials, true);

Side note: the Illuminate\Contracts\Auth\UserProvider contract, public function updateRememberToken(Authenticatable $user, $token) uses the user’s UID and token stored in the User table to store the session auth.

AUTH ONCE:

Laravel has a once method to log a user into the application for a single request. No sessions or cookies. Used with a stateless API.

if (Auth::once($credentials)) {
    //
}

OTHER NOTES

The remember cookie doesn't get unset automatically when the user logs out. However, using the cookie as I explain below in the cookie example, you could add this to your logout function in your controller just before you return the redirect response after logout.

public function logout()
{
    // your logout code, e.g. notifications, DB updates, etc.

    // Get the remember_me cookie name
    $rememberCookie = Auth::getRecallerName();
    // Forget the cookie
    $forgetCookie = Cookie::forget($rememberCookie);

    // Return a response (in the case of JSON / JS); the redirect below will also work
    return Redirect::to('/')->withCookie($forgetCookie);

    // OR you could queue it up for later if you are elsewhere and cannot
    // return a response immediately:
    // Cookie::queue($forgetCookie);
}

Basic general cookie example that might help you. There are better approaches to do this using a Laravel service provider.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cookie;

// cookie key
private $myCookieKey = 'myAppCookie';
// example of cookie value but can be any string
private $cookieValue = 'myCompany';

// inside of a controller or a protected abstract class in Controller,
// or set up in a service ... etc.
protected function cookieExample(Request $request)
{
    // true if the request carries the cookie key
    // (hasCookie() checks cookies; has() only checks request input)
    if ($request->hasCookie($this->myCookieKey)) {
        $valueInsideOfCookie = Cookie::get($this->myCookieKey);
        // do something with $valueInsideOfCookie

    } else {
        // queue a cookie with the next response
        Cookie::queue($this->myCookieKey, $this->cookieValue);
    }
}

public function exampleControllerFunction(Request $request)
{
    $this->cookieExample($request);
    // rest of function one code
}

public function secondControllerFunction(Request $request)
{
    $this->cookieExample($request);
    // rest of function two code 
}

Upvotes: 0
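The approach the question asks about, keeping the remote API's cookie in the server-side Laravel session and replaying it on later calls, sketched as an added example that is not code from any poster in this thread. The remote host, the `/login` and `/items` paths, the `remote_session` cookie name and the use of Basic auth for the "Auth headers" are all assumptions.

```php
<?php
// Added example, not from the original thread. Host, paths, cookie name and
// the Basic auth scheme are hypothetical placeholders for the remote API.
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;

class RemoteApiController extends Controller
{
    private const REMOTE_HOST = 'api.example.test';  // assumed remote API host
    private const REMOTE_COOKIE = 'remote_session';  // assumed cookie name set by the API

    public function login(Request $request)
    {
        $data = $request->validate(['username' => 'required|string', 'password' => 'required|string']);

        // Send the auth headers from the server instead of from the browser.
        $response = Http::withBasicAuth($data['username'], $data['password'])
            ->post('https://' . self::REMOTE_HOST . '/login');

        // Read the cookie the API granted to this PHP process.
        $cookie = $response->cookies()->getCookieByName(self::REMOTE_COOKIE);
        if (! $response->successful() || $cookie === null) {
            return response()->json(['error' => 'Remote authentication failed'], 401);
        }

        // Issue a new session ID on login, then keep the cookie server-side only.
        $request->session()->regenerate();
        $request->session()->put('remote_api_cookie', $cookie->getValue());

        return response()->json(['status' => 'ok']);
    }

    public function items(Request $request)
    {
        $value = $request->session()->get('remote_api_cookie');
        if ($value === null) {
            return response()->json(['error' => 'Not authenticated'], 401);
        }

        // Replay the stored cookie, scoped to the remote host only.
        $response = Http::withCookies([self::REMOTE_COOKIE => $value], self::REMOTE_HOST)
            ->get('https://' . self::REMOTE_HOST . '/items');

        return response()->json($response->json(), $response->status());
    }
}
```

The stored value is a bearer credential for the remote API, so use a server-side session driver (file, database, redis); the `cookie` driver would ship it to the browser inside the encrypted session cookie. Clear the session key on logout and treat a 401 from the remote API as an expired cookie.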
