
KaanK's avatar
Level 1

Can't persist session after redirect()->route()

Hiya everyone, I'm trying to login users with Spotify using Socialite. I successfully redirect to login page and in return get the user object. Problem occurs when I want to pass the user object to my blade files and controllers. When I return handleProviderCallback with redirect()->route(), I lose all session data. I can persist the session if I return view() but when I do that and refresh the page I get "Invalid authorization code". How can I make sure session persists after reloads? What am I missing here? Thanks in advance!

Edit: Using Laravel 6

SESSION_DRIVER=file
SESSION_DOMAIN="http://localhost"
SESSION_ENCRYPT=false

<?php

namespace App\Http\Controllers\Auth;

use Socialite;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Session;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

class LoginController extends Controller {
    use AuthenticatesUsers;

    public function redirectToSpotify() {
        $scopes = ['playlist-read-private', 'playlist-read-collaborative'];
        return Socialite::driver('spotify')
            ->with(['show_dialog' => 'true'])
            ->scopes($scopes)
            ->redirect();
    }

    public function handleSpotifyCallback() {
        $user = Socialite::driver('spotify')
            ->stateless()
            ->user();

        // dd($user); Returns good data.

        Session::put('user', $user);
        Session::save();

        // dd(Session::all()); Has the $user in it.

        return redirect()->route('dashboard');
    }
}

Route::get('dashboard', function () {
    return view('dashboard');
})->name('dashboard');
0 likes
17 replies
KaanK's avatar
Level 1

Thanks for the link but I already do:

Session::save();

Isn't that the same thing?

Nakov's avatar

@kaankaraoglu but then how do you retrieve the user from the session?

do you use something like this in the view:

@if ($user = session('user') )

    {{ $user->name }}

@endif

?

P.S. I think that save() on a session is not needed if using put() as it already does that.

KaanK's avatar
Level 1

I do

@php($user = Session::get('user'))

Then

{{ $user->id }}

And I only get '_token' in session when I do

@php(dd(Session::all()))
Nakov's avatar

@kaankaraoglu and what about using this instead:

return redirect()->route('dashboard')->withUser($user);

// or

return redirect()->route('dashboard')->with('user', $user);

?

KaanK's avatar
Level 1

I have tried this but will give it another go just to be sure. Does this require any changes on the route itself?

Edit: Remember trying both but will do again.

Nakov's avatar

@kaankaraoglu No need to change the route. The with() method adds this as a flash session, which means it will last just for this request.

KaanK's avatar
Level 1

Yes, that's the problem, hence I'm trying to keep it in the session for reuse. As I stated in the question when I use

return view('dashboard');

session persists for one page load and I can use it after loading dashboard view. But when I use

request()->route('dashboard');

Session is empty in the view.

Nakov's avatar

And btw, when you try to dump the user here:

$user = Socialite::driver('spotify')
            ->stateless()
            ->user();

dd($user);

This is not null but it has a User instance, right?

I believe that the session is not started yet at this point, and that's why it is not getting persisted. There is a StartSession middleware that has not run yet. You can debug that by adding a breakpoint in its handle method.

KaanK's avatar
Level 1

Yes $user is filled. Can give StartSession a go tonight. Does this explain why it is in session when I use view('dashboard') but not otherwise?

Nakov's avatar

@kaankaraoglu there is a better answer that I found around on why this happens :)

https://stackoverflow.com/questions/34438852/session-data-not-preserved-after-redirection

This is the same question as you have, and the same problem.

And it points to this reply over here:

https://laracasts.com/discuss/channels/laravel/session-flash-message-not-working-after-redirect-route?#reply=159117

So it means that you might have grouped the route in a web middleware, which already happens by the framework. To test that, just run php artisan route:list and make sure that the web middleware is applied to the route only once.

I hope this helps better.

KaanK's avatar
Level 1

Thanks Nakov! I'll try these and see if it helps. Cheers.

KaanK's avatar
Level 1

Just checked and I don't have any groups in my web.php. php artisan route:list prints this out.

GET|HEAD | api/user |    | Closure | api,auth:api
GET|HEAD | dashboard | dashboard | Closure | web
GET|HEAD | login/spotify | redirect-to-spotify | App\Http\Controllers\Auth\LoginController@redirectToSpotify | web
GET|HEAD | login/spotify/callback | App\Http\Controllers\Auth\LoginController@handleSpotifyCallback | web
Nakov's avatar

@kaankaraoglu okay, the web comes from Laravel, when the routes.php file is loaded that group is applied to those routes. I don't know. Make sure you check the replies on the links that I posted, and see if anything helpful will come out from there.

KaanK's avatar
KaanK
OP
Best Answer
Level 1

Found out that the problem was

SESSION_DOMAIN="http://localhost"

Set it to null and session was persistent again. Thanks for the help anyway! :)

5 likes
amirrezam75's avatar

Maybe oauth2 redirect_uri (localhost:8000) is different than your served application URI (127.0.0.1:8000) and SESSION_DOMAIN=localhost

arnebr's avatar

What worked for me, was setting 'same_site' => 'strict' to 'same_site' => 'lax' in config/session.php.
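
Added example, not part of the thread and not Laravel's own code: a small model of the RFC 6265 cookie rules that shows why a Domain attribute of "http://localhost" makes the browser discard the session cookie, why localhost and 127.0.0.1 do not share a host-only cookie, and how SameSite strict and lax differ on the cross-site OAuth callback. The function names are hypothetical, hosts are given without ports, and real browsers apply further checks that are not modelled here.

```javascript
// Added illustration of RFC 6265 cookie scoping and SameSite; not Laravel code.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  if (host === domain) return true;
  return !isIp(host) && host.endsWith('.' + domain);
}

// RFC 6265 sections 5.2.3 and 5.3: work out the scope of a Set-Cookie, or
// return null when the user agent must ignore the cookie entirely.
function cookieScope(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  let domain = (domainAttr || '').toLowerCase();
  if (domain.startsWith('.')) domain = domain.slice(1);
  if (domain === '') return { domain: host, hostOnly: true }; // no Domain attribute
  if (!domainMatch(host, domain)) return null;                // cookie is dropped
  return { domain, hostOnly: false };
}

// Would a stored cookie with this scope be attached to a request for `host`?
function sentToHost(scope, host) {
  if (scope === null) return false;
  const h = host.toLowerCase();
  return scope.hostOnly ? h === scope.domain : domainMatch(h, scope.domain);
}

// SameSite decision for a top-level navigation such as the OAuth callback.
function sentOnTopLevelNavigation(sameSite, crossSite, method = 'GET') {
  if (!crossSite) return true;
  switch (sameSite.toLowerCase()) {
    case 'strict': return false;
    case 'lax': return ['GET', 'HEAD', 'OPTIONS', 'TRACE'].includes(method);
    case 'none': return true;
    default: throw new Error('unknown SameSite value: ' + sameSite);
  }
}

// Constructed cases using the settings quoted in the thread.
const urlAsDomain = cookieScope('localhost', 'http://localhost'); // rejected
const noDomain = cookieScope('localhost', null);                  // host-only
console.log({ urlAsDomain, noDomain,
  sameHost: sentToHost(noDomain, 'localhost'),
  otherHost: sentToHost(noDomain, '127.0.0.1'),
  strictCallback: sentOnTopLevelNavigation('strict', true),
  laxCallback: sentOnTopLevelNavigation('lax', true) });
```

When the cookie is rejected, every request arrives without a session id, so the framework starts a fresh session each time and only its new `_token` is visible.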
