Ada jOEL

Reputation: 11

How to keep a session or cookie alive after visiting and leaving a page?

I am trying to build a referral system using the OAuth system, and I am working with the Laravel framework. When a user visits the registration page with a referral link, it creates a cookie and a session. To register, all that is provided is the social button, so whenever the user clicks on the register with Google or Facebook.

Once the user comes back to the site the session and cookie disappear. Why is that? Below are the files I think may be helpful.

Where I created the session and cookie based on the ref

if ($request->has('ref')) {
    $referral = ReferralLink::whereCode($request->get('ref'))->first();
    $response->cookie('ref', $referral->user_id, $referral->program->lifetime_minutes);
    $_SESSION['ref'] = $referral->user_id;
    request()->session()->put('ref', $referral->user_id);
}

Where I retrieve the session and cookie based on the ref

$session = request()->session()->get('ref');
dd(request());
$referral = \App\User\ReferralLink::where('user_id', $event->referralId)->orWhere('user_id', $session)->first();
// dd($event->user, $event->referralId, $referral);
if (!is_null($referral)) {
    $provider = $referral->user;
    \App\User\ReferralRelationship::create([
        'referral_link_id' => $referral->id,
        'user_id' => $event->user->id,
        'referree_user_id' => $provider->id,
        'reward' => 'no',
    ]);
}

Upvotes: 0

Views: 864

Answers (1)

Anwar

Reputation: 4246

A solution is to use the state parameter of the OAuth2 protocol to pass additional parameters. Then, when the user clicks on any "login", and you receive the OAuth2 response, you will get your state back.

The idea would be:

  1. Session is on, user has some session data
  2. We encode the session id and we ship it on the OAuth request
  3. The session will be lost when the user finishes authenticating him/herself
  4. OAuth2 response arrives, session id too
  5. Session id is extracted from the response, decoded, and we restore the session back

First, get the Session id and encode it:

use Session;

// ...

$session_id = Session::getId();
$session_id = base64_encode($session_id);

I did not see your OAuth2 request, so we take a dummy example to show how to ship the state (= the encoded session id):

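// Build the URL on one logical line (no embedded newline) and URL-encode the state,
// because base64 output can contain "+", "/" and "=".
$request = "https://authorization-server.com/auth?response_type=code"
    . "&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&scope=photos&state=" . urlencode($session_id);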

(It is best to use at least http_build_query(), or better, GuzzleHttp.)

Then, the user is authenticated and we get our response back:

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3",
  "token_type":"bearer",
  "expires_in":3600,
  "refresh_token":"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk",
  "scope":"photos",
  "state":"aGVsbG8gd29ybGQ="
}

And then we will decode it to get back our session id:

$response = /* ... */

$state = $response['state'];

$session_id = base64_decode($state);

And finally, restore your session:

Session::setId($session_id);
Session::start();

Upvotes: 1
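
An added example, not part of the answer above and not Laravel's own code: a variant of the same `state` round trip that carries the referrer's user id (the value the question stores under `ref`) in a signed, expiring `state` instead of the session id, so the session identifier never appears in a URL and the callback cannot be used to select a session. The function names, the 600-second lifetime, the per-browser nonce (assumed to be kept in a cookie) and all sample values are assumptions.

```php
<?php
// Added example; all function names are hypothetical. $key is a server-side secret.

// Build the state: referrer id, per-browser nonce and expiry, followed by an HMAC.
function make_state(string $key, int $referrerId, string $nonce, int $ttl = 600): string
{
    $json = json_encode(['ref' => $referrerId, 'nonce' => $nonce, 'exp' => time() + $ttl]);
    $body = rtrim(strtr(base64_encode($json), '+/', '-_'), '='); // URL-safe base64
    return $body . '.' . hash_hmac('sha256', $body, $key);
}

// Check the state from the callback: referrer id on success, null if it must be rejected.
function read_state(string $key, string $state, string $expectedNonce): ?int
{
    $parts = explode('.', $state, 2);
    if (count($parts) !== 2) {
        return null; // malformed
    }
    [$body, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $body, $key), $mac)) {
        return null; // payload altered, or not signed by this application
    }
    $data = json_decode((string) base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['ref'], $data['nonce'], $data['exp'])) {
        return null;
    }
    if ($data['exp'] < time() || !hash_equals($expectedNonce, (string) $data['nonce'])) {
        return null; // expired, or issued to a different browser
    }
    return (int) $data['ref'];
}

// Constructed sample values, for demonstration only.
$key   = random_bytes(32);
$nonce = bin2hex(random_bytes(16)); // assumption: also kept in a cookie on the user's browser
$state = make_state($key, 42, $nonce);
echo 'https://authorization-server.com/auth?' . http_build_query([
    'response_type' => 'code', 'client_id' => 'CLIENT_ID',
    'redirect_uri' => 'REDIRECT_URI', 'scope' => 'photos', 'state' => $state,
]), PHP_EOL;

var_dump(read_state($key, $state, $nonce));                             // valid state
var_dump(read_state($key, $state, 'nonce-of-another-browser'));         // nonce mismatch
var_dump(read_state($key, substr_replace($state, 'A', 0, 1), $nonce));  // altered payload
```

The MAC is checked before the payload is decoded, so `json_decode()` only ever parses bytes this application produced.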
