Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Halz's avatar
Halz
OP
11 years ago
Level 1

Cross-application authentication

Hello,

I am trying to combine an old PHP application with a fresh Laravel 5 application so that I can progressively migrate / rewrite my old application to Laravel.

I have 2 databases, one for each application and each one has a user table with a single user having the same credentials in both applications.

I have not done much in the Laravel application and have just setup 3 routes:

  • postLogin (/auth/login)
  • getLogout (/auth/logout)
  • getCheck (/auth/check) => shows user data if the user is logged in

The login form is served by the old application and also submits in the old application. The authentication works fine in the old application, but I would also like that it authenticates the user in Laravel.

I am therefore using curl to perform a POST request to /auth/login from the old application, and passes of course the credentials. I was expecting the user to also get authenticated in Laravel, but it does not seem to work.

The POST request is sent with correct data, reaches the right controller method in Laravel, passes the auth->attempt() successfully. Session file and Laravel cookie are created, but when I call /auth/check, it does not show any user data, considering that the user is not logged in.

Here's the controller method for /auth/login (i have edited the sample code to allow the user to login with both username and email):

public function postLogin(LoginRequest $request)
{

    $field = filter_var($request->input('username'), FILTER_VALIDATE_EMAIL) ? 'email' : 'name';
    $request->merge([$field => $request->input('username')]);

    $this->auth->attempt($request->only($field, 'password'));

    return '';

}

Here's the controller method for /auth/check:

public function getCheck()
{

    dd($this->auth->user());

}

Here's my curl code in the old application:

$laravelLoginUrl = $laravelBaseUrl . '/auth/login';

$fields = array(
    'username' => urlencode($_POST['username']),
    'password' => urlencode($_POST['password'])
);

foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string, '&');

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $laravelLoginUrl);
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
curl_close($ch);

Some other conclusions:

  • I have tried to submit the login form directly to Laravel's /auth/login route, and this results in a successful user authentication in Laravel.
  • I have check curl's response in my old application and could make sure that my curl request was touching the right method in Laravel and also that auth->attempt() was running successfully.

I hope someone can light me on this.

0 likes
1 reply
Halz's avatar
Halz
OP
11 years ago
Level 1

Actually, the laravel_session cookie is not set ... makes sense I guess there is no way to set a client cookie with a curl request ...

I guess I have to find another way.

Please or to participate in this conversation.