pmaechler wrote a reply+100 XP
5mos ago
I'm a bit surprised. The above snippets shows, that I do put stuff into my session and can read the values over multiple request.
This was done in the first and a simple Controller I found. I also installed the debugbar (nice tool, thx for the hint)
Was surprises me a lot more and kinda worries me is
that now, after the login::attemp() call I put stuff in the session and can read them
public function __invoke(Request $request)
{
// Validate the input
$credentials = $request->validate([
'email' => 'required|string',
'password' => 'required',
]);
debug($credentials);
// Attempt to log in
if (Auth::attempt($credentials, $request->boolean('remember'))) {
// Regenerate session for security
$request->session()->put('LC1_' . time(), '123');
$request->session()->regenerate();
$request->session()->put('LC2_' . time(), '123');
debug(['check' => Auth::check()]);
debug(['id' => Auth::user()->id]);
//debug(Auth::loginUsingId(Auth::user()->id));
//Auth::loginUsingId(2);
// Redirect to intended page or home
//return redirect('/')->with('success', 'Welcome back!');
}
// If login fails, redirect back with error
/*
return back()
->withErrors(['email' => 'The provided credentials do not match our records.'])
->onlyInput('email');
*/
}
and now i stay logged in
dd() is "debug-and-dump, so the code execution is stopped and session stuff is not saved but dump() which I used bevor, is just "debug the data and go on". looks to me that the session won't be saved with that either
I have to dig deeper into it. Currently I can use the login form, session or authentication is working. I have to double check if there are any "stupid" tests are lying in my code and clean those up.
I'm worried because in my opinion stuff should be saved in the session. I should not net to put extra garbage into the session with session()->put()
I'll keep you updated
pmaechler liked a comment+100 XP
5mos ago
pmaechler wrote a reply+100 XP
5mos ago
Hello Snapey
I'm back at field 1 :) I also had the impression that it has to be a session problem, but...
Simple Controller
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
class AnsibleController extends Controller
{
private $playbooks = [
'find_serial'
];
public function show(Request $request)
{
session(['S_' . time() => 'key_' . rand(1, 999)]);
$request->session()->put('R_' . time(), rand(1, 999));
return view('ansible.list', [
'playbooks' => $this->playbooks,
'sses'=> session()->all(),
]);
}
}
and an easy template
@section('content')
<div class="container-fixed">
<pre>
{{ print_r($sses) }}
</pre>
</div>
@endsection
Results in:
Array
(
[S_1764072065] => key_605
[R_1764072065] => 854
[PHPDEBUGBAR_STACK_DATA] => Array
(
)
[_previous] => Array
(
[url] => http://10.200.114.4:8080/livewire/livewire.js?id=df3a17f2
[route] =>
)
[_flash] => Array
(
[old] => Array
(
)
[new] => Array
(
)
)
[_token] => BMfl3Ph37MC4LR19JfPa1nWQFn8rpQZE2eVdF0bt
[S_1764072072] => key_799
[R_1764072072] => 295
[S_1764072095] => key_112
[R_1764072095] => 363
[S_1764072140] => key_278
[R_1764072140] => 154
)
this means that i can read and write to the session with either session() or $request->session()
Maybe I have a mix between php $_SESSION and Laravel Sessions. But the example above explicitly uses the Laravel Session functions provided in the manual
pmaechler wrote a reply+100 XP
5mos ago
Thanks for you reply!
I'm not sure what you wan't to point out.
I already read the description and content of the attempt() and the loginUsingId() function and i do understand the differences.
loginUsingId() is hardcoding the login to a user given by the ID without any check or proof, that the credentials (user and pass) are correct.
attempt() is verify the credentials and if they match, log the user in
The loginUsingId() function is just for debugging and I'm well aware that such code is dangerous and contra-production in production
I was checking where the "authentication gets lost" or if laravel redirects me because of invalid data. therefor i "hardcoded" the login to see if I'm still logged in on the next page.
Since my welcome page just renders a template, Route::view('/', 'welcome')->name('home'); I put the login-code {{ Auth::loginUsingId(1) }} directly into the template.
Afterwards i checked if this also works when putting the login into a controller
To me it looks like, when the Controller Code is running, the session or authentication stuff is not ready
To further troubleshoot this or make sure session are working i have a simple controller
public function show()
{
session([time() => 'key_' . rand(1, 999)]);
return view('ansible.list', [
'playbooks' => $this->playbooks,
'sess'=> session()->all()
]);
}
and inside the template i just {{ print_r($sess) }} the whole session data.
there I do see different key_nnn entries and the whole history. so sessions are working
pmaechler wrote a reply+100 XP
5mos ago
Sorry for the unclear question problem description
Short version:
when using Auth::loginUsingId(1) inside a controller, i loose the authentication on the following page. If I use Auth::loginUsingId(1) inside the blade template, all works fine
I did more or less the official guide to use authentication The issue is that inside my login controller, which handles the request I have
public function __invoke(Request $request)
{
// Validate the input
$credentials = $request->validate([
'email' => 'required|string',
'password' => 'required',
]);
dump($credentials);
// Attempt to log in
if (Auth::attempt($credentials, $request->boolean('remember'))) {
// Regenerate session for security
$request->session()->regenerate();
dump(['check' => Auth::check()]);
dump(['id' => Auth::user()->id]);
dump(Auth::loginUsingId(Auth::user()->id));
//Auth::loginUsingId(2);
// Redirect to intended page or home
//return redirect('/')->with('success', 'Welcome back!');
}
// If login fails, redirect back with error
/*
return back()
->withErrors(['email' => 'The provided credentials do not match our records.'])
->onlyInput('email');
*/
}
The output is check: 1 and i get my whole user object and the auth object of my user
On the following page or when turning the redirects on, the welcome page does not have an authenticated user
when i place {{ Auth::loginUsingId(1) }} inside the login template, I am immediately logged in, can browser over to other pages and keep beeing logged in
since the login works when i'm inside the blade template, i guess session stuff is working (tested with files and database and i see the data).
I hope this makes it more clear where my issue is
tia
pmaechler started a new conversation+100 XP
5mos ago
Hello
I'm struggeling with an Authentication problem since many hours.
Background Created an Application with Laravel 11 from scratch (eloquent, some livewire stuff, etc). Working fine so far Now I need to add authentication and authorization to the app. If possible via Azure socialite plugin. But first I'll do it agains the local database
After filling out the login form, i get redirected to the / page (login successfull) but I'm not logged in sessions are working
doing Auth::check() shortly after Auth::attempt() shows success
What puzzels me is
Doing Auth::loginUsingId(1) in a Controller -> same result. Doing Auth::loginUsingId(2) in a Blade-Template (View) -> logs me in I keep stayed in
There is, as far as I know, no strange middleware or anything in use. Usermodel is "default" from Laravel11
Using Auth::login($credentials) instead of Auth::attempt($credentials) gives me an error about Class must ... Authenticatable alltough the User Model extends Illuminate\Foundation\Auth\User as Authenticatable
Any ideas on how to troubleshoot this? I'm at a loss
/BR