How to set a cookie on response in Laravel Lumen 8

Question

I'm currently building a REST API with Laravel Lumen 8. I want to set a cookie if the user logged in successfully. I saw that in the Lumen 5.1 docs there was a section that showed how to send a cookie with the response (https://lumen.laravel.com/docs/5.1/responses#attaching-cookies-to-responses). But in the documentation for version 8 this section is missing. I also looked into the Laravel 8 docs (https://laravel.com/docs/8.x/responses#attaching-cookies-to-responses) and tried the following things in my routes/web.php file:

Attempt 1

$router->get('/test', function () {
    return response('Hello World')->cookie(
        'name', 'value', 60
    );
});

But then I get the following error:

Argument 1 passed to Symfony\Component\HttpFoundation\ResponseHeaderBag::setCookie() must be an instance of Symfony\Component\HttpFoundation\Cookie, string given

Attempt 2

use Illuminate\Support\Facades\Cookie;

$router->get('/test', function () {
    Cookie::queue('name', 'value', 60);
    return response('Hello World');
});

Error message: Target class [cookie] does not exist.

Attempt 3

$router->get('/test', function () {
    $cookie = cookie('name', 'value', 60);
    return response('Hello World')->cookie($cookie);
});

Error message: Call to undefined function cookie()

Attempt 4

use Symfony\Component\HttpFoundation\Cookie;
$router->get('/test', function () {
    return response(null)->withCookie(new Cookie('name', 'value'));
});

This solution works, but if i set the third parameter like this new Cookie('name', 'value', 60), I don't get an error message but the cookie doesn't get set anymore. And I'm also a bit sceptical because I never saw this in any official docs but only in this stack overflow question: Set cookie on response in lumen 5.6.

These weren't the only things I tried but nothing worked so far. Setting a cookie should be such an easy thing but I just can't achieve it. I'm pretty new to Laravel/Lumen, has it something to do with the new Version 8? Or what else am I doing wrong?

Answer 1

In case you are using the jwt-auth library by Sean Tymon for JSON Web Token Authentication, this Thread may help you: https://github.com/tymondesigns/jwt-auth/issues/1594#issuecomment-395575980

Cited from the thread:

The root of the culprit I guess is that Lumen by design no longer does cookies which I find a bit of a flaw in the light of all the blogs and OWASP suggestions of not storing a JWT in localstorage but rather in a httponly cookie to prevent XSS and deal with CSRF accordingly. So, the jwt-auth doesn't include the cookie parser with the LumenServiceProvider which is what you register in app.php as a service provider:

$app->register(Tymon\JWTAuth\Providers\LumenServiceProvider::class);

So when you add

use Tymon\JWTAuth\Http\Parser\Cookies;
to the top of jwt-auth\src\Providers\LumenServiceProvider.php

and add

new Cookies($this->config('decrypt_cookies'))

into the array at the very end of the file

$this->app['tymon.jwt.parser']->setChain([<br>
            new AuthHeaders,
            new QueryString,
            new InputSource,
            new LumenRouteParams,
            new Cookies($this->config('decrypt_cookies')),
        ]);

then you should be able use the cookie authentication in Lumen as well.

Answer 2

I've had the same issue, this is not pretty but it fixed it for me.

use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\Response;
...
$response = new Response();
$response->headers->setCookie(Cookie::create('foo', 'bar'));
$response->send(); // <- this guy