kirschkern

Reputation: 1417

Save laravel_session cookie from ajax request - Single sign on

I'm trying to implement a single sign on.

The other application makes a http post request to my app passing some parameters, I make a request back and get an email address for the current user. (Yes, I've set the necessary CORS header in my .htaccess)

I'm now creating a user instance with that email and try to authenticate the user.

Auth::login($user, true);
return response("OK", 200);

This works fine (if the user was found).

I now expect that with Auth::login an authenticated session gets created and a session cookie is saved. As soon as the user opens my app, this session is found, no further login is necessary and the dashboard opens.

However no cookie is saved at all.

I then tried to save the cookie manually using

return response("OK", 200)
  ->cookie("laravel_session", Session::getId(), 60);

I also tried

return response("OK", 200)
  ->cookie("laravel_session", encrypt(Session::getId()), 60);

And

Cookie::queue(Cookie::make("laravel_session", Session::getId(), 60));
return response("OK", 200);

In every case the cookie was set but when opening my app the login screen was shown. So my guess is that there must be something I'm missing or the laravel_session cookie contains some other data.

So my question is: Using an ajax post request, how do I properly authenticate a user and save that as a cookie, so he will be logged in when he opens up my app?

UPDATE

I've added some middleware in my kernel.php. Now the session cookie gets set automatically. However it doesn't seem to get encrypted. The "laravel_session" cookie value from the ajax request now looks like this: lYLxSwyuhfHToruJhc0r2zWNLkj9ONTlBM3QjkAo. However the cookie being set when using the usual "web" route looks like this: eyJpdiI6InV5bGRQNFJ4c01TYjZwT0I0amxzS1E9PSIsInZhbHVlIjoiZFI2WWpVWGxmTldDcVJvVlwvbVJicXBxM0pjRkVRUlBRKzZWb1BkbzliZHBVdTlmUEV4UzZkaFVMbmlRTHNYczFOZm5HSWkwRXhjb3BJRGI1NGRyM2tnPT0iLCJtYWMiOiJjMjAwMWIyMGIxYmQwYzkxMGQyNGJhMDZmZDJiNThjNGZhMTUyZWVjZDlkNjg5ZWVjYjY2MGE1ZTlmZDAxOGNmIn0%3D

Here is my ['api'] value in the kernel.php protected $middlewareGroups

'api' => [
  'throttle:60,1',
  'bindings',
  \Illuminate\Session\Middleware\StartSession::class,
  \App\Http\Middleware\EncryptCookies::class,
  \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class
],

However, when setting a session cookie with a different name directly in my response, the value seems to be encrypted now:

return response("OK", 200)
  ->cookie("my_session", Session::getId(), $minutes);

Thanks a lot for your help.

Upvotes: 0

Views: 1670

Answers (1)

kirschkern

Reputation: 1417

I've found a solution. I need the StartSession::class and the EncryptCookies::class definitions in my Kernel.php file AND EncryptCookies::class must be the first element in the list. It didn't work for me when placing it directly before StartSession::class.

Here is my working "api" definition from Kernel.php

'api' => [
    \App\Http\Middleware\EncryptCookies::class,
    'throttle:60,1',
    'bindings',
    \Illuminate\Session\Middleware\StartSession::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
],

Now the session cookie is set and encrypted. Yeah!

Upvotes: 1
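The two cookie values compared in the question's update show the underlying point: the value from the "web" route is base64 of a JSON object carrying "iv", "value" and "mac", while the value from the api route is the bare session id. Laravel's session layer only accepts the former, and the MAC in it is what stops a client from minting or altering its own session cookie, which is why the cookie has to go through EncryptCookies rather than being written by hand. The following stand-alone PHP script is an added example, not code from the question, the answer or the Laravel project: it re-creates that envelope in simplified form (the framework's Illuminate\Encryption\Encrypter does the same with APP_KEY and, in the 5.x line, serializes the value first) and shows that a raw session id is rejected, a properly wrapped one round-trips, and a tampered one fails the MAC check. The key is constructed for the demo; the sample session id is the raw value quoted in the question.

```php
<?php
// Added example (not from the question, the answer or Laravel). Re-creates the
// cookie envelope written by the encrypting middleware:
//   base64( json{ "iv": b64(iv), "value": b64(AES-256-CBC ciphertext), "mac": hex(HMAC-SHA256) } )
// Key and inputs below are constructed for the demo.

const CIPHER = 'aes-256-cbc';

// Constructed 32-byte key; a real app derives it from APP_KEY in .env.
$key = hash('sha256', 'constructed-demo-key', true);

function encryptCookie(string $plain, string $key): string
{
    $iv = random_bytes(16);
    $value = openssl_encrypt($plain, CIPHER, $key, 0, $iv); // base64-encoded ciphertext
    if ($value === false) {
        throw new RuntimeException('encryption failed');
    }
    $ivB64 = base64_encode($iv);
    // The MAC covers iv and ciphertext, so nothing in the envelope can be
    // forged or changed without the server-side key.
    $mac = hash_hmac('sha256', $ivB64 . $value, $key);

    return base64_encode(json_encode(['iv' => $ivB64, 'value' => $value, 'mac' => $mac]));
}

// Returns the plaintext, or null for anything that is not a valid envelope.
function decryptCookie(string $cookie, string $key): ?string
{
    $json = base64_decode($cookie, true);
    $payload = $json === false ? null : json_decode($json, true);
    if (!is_array($payload)
        || !is_string($payload['iv'] ?? null)
        || !is_string($payload['value'] ?? null)
        || !is_string($payload['mac'] ?? null)) {
        return null; // not an envelope at all: a raw session id ends up here
    }
    $expected = hash_hmac('sha256', $payload['iv'] . $payload['value'], $key);
    if (!hash_equals($expected, $payload['mac'])) {
        return null; // MAC mismatch: tampered or forged cookie
    }
    $iv = base64_decode($payload['iv'], true);
    if ($iv === false || strlen($iv) !== 16) {
        return null;
    }
    $plain = openssl_decrypt($payload['value'], CIPHER, $key, 0, $iv);

    return $plain === false ? null : $plain;
}

// Sample input: the raw id the question observed in the unencrypted cookie.
$rawSessionId = 'lYLxSwyuhfHToruJhc0r2zWNLkj9ONTlBM3QjkAo';

// 1. Raw id written straight into the cookie: no envelope, no MAC, unusable.
var_dump(decryptCookie($rawSessionId, $key));

// 2. Id wrapped the way the middleware wraps it: round-trips to the same id.
$cookie = encryptCookie($rawSessionId, $key);
var_dump(decryptCookie($cookie, $key) === $rawSessionId);

// 3. Change one character of the ciphertext inside the envelope: MAC check fails.
$payload = json_decode(base64_decode($cookie), true);
$payload['value'][0] = $payload['value'][0] === 'A' ? 'B' : 'A';
var_dump(decryptCookie(base64_encode(json_encode($payload)), $key));
```

Run it with `php cookie_envelope.php` (any file name works). Two checks worth making alongside the middleware order from the answer: the cookie must be created by the middleware on the server (hand-setting "laravel_session" to Session::getId(), even with encrypt(), skips the serialization and the middleware's own wrapping, which is what the question ran into), and for a request coming from the other application's origin the browser only stores and later sends the cookie when the XHR is made with credentials and the cookie is allowed cross-site (on current browsers that means SameSite=None together with Secure); the CORS headers alone do not cause that.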
