7 months ago

Hijack password reset

Posted 7 months ago by ycsm

Hi everyone.

At the moment I set some session variables by hijacking the laravel authenticated function like so:

    protected function authenticated(Request $request, $user)
        session(['api_token' => $user->api_token]);
        session(['season' => Season::where('active', 1)->first()]);
        session(['centres' => Centre::where('active', 1)->get()]);
        session(['centre' => Centre::findOrFail(auth()->user()->centre_id)]);
        session(['user' => $user]);

        return redirect()->route('home') ;


However, when a user resets their password, Laravel logs the user in but ignores the above function, none of the session data is set. Is there any way to fix this?

Please sign in or create an account to participate in this conversation.