cookie not being set in browser

Here is my login method:

    public function login(Request $request) {
        if (!\Auth::attempt($request->only('email', 'password'))) {
            return response([
                'error' => 'invalid credentials'
            ], Response::HTTP_UNAUTHORIZED);
        }
        $user = \Auth::user();
        $adminLogin = $request->path() === 'api/admin/login';
        if ($adminLogin && !$user->is_admin) {
            return response([
                'error' => 'Access Denied!'
            ], Response::HTTP_UNAUTHORIZED);
        }
        $scope = $adminLogin ? 'admin' : 'ambassador';
        $jwt = $user->createToken('token', [$scope])->plainTextToken;
        $cookie = cookie('jwt', $jwt, 60*24); //1 day
        return response([
            'message' => 'success'
        ])->withCookie($cookie);
    }

My cookie doesn't seem to be getting set in my browser?!
I was told to make config/session.php

    'same_site' => 'none',

When this was initially set to lax it saved the cookie in Postman, now it's not setting it in the browser?! Please help?

Not sure what you're doing, but Laravel encrypts its cookies, while PHP/JS functions do not. Make sure you're not mixing these 2 approaches together.

I'm not, I'm posting to my Laravel API using Vue axios and then setting the cookie, but it's not being set in the browser.
I am, however, on a different domain, hence why CORS kicked in.

Can anyone help here please?

That part is not going to set cookies.

    return response([
        'error' => 'invalid credentials'
    ], Response::HTTP_UNAUTHORIZED);

Are you sure that your app doesn't reach these ends?
And according to the documentation the last return statement should be

    $cookie = cookie('jwt', $jwt, 60*24); //1 day
    return response([
        'message' => 'success'
    ])->cookie($cookie);

https://laravel.com/docs/9.x/responses#generating-cookie-instances

The lower part sets the cookies:

    $jwt = $user->createToken('token', [$scope])->plainTextToken;
    $cookie = cookie('jwt', $jwt, 60*24); //1 day
    return response([
        'message' => 'success'
    ])->withCookie($cookie);

@boyjarv Did you update it according to the docs, using cookie not withCookie?

can I not just change this for local storage instead?
Your problem is with the configuration, simply you have two options:
Set the same_site option back to lax (or even set it in the cookie() helper)
Or if you wanna send the SameSite as none, you have to specify the cookie secure attribute.
I've tried setting it to lax, strict and none. Lax used to work in Postman but now it's not; neither works in the browser.
OK, so I have unlinked Valet and set everything to 127.0.0.1. I get to my Laravel app but can't access /api routes now?! I get 404 not found.
Try changing the SESSION_DRIVER in your .env file to cookie and see if it works, i.e.

    SESSION_DRIVER=cookie

that didn't work, I'm still stuck here
I've just noticed in POSTMAN it says Set-Cookie in the Headers and there's a JWT token:
jwt=141%7CzkSEPtmr2v4zrODhJWR9g7LkztGCXCJ12pY89WXS; expires=Wed, 13 Jul 2022 21:09:05 GMT; Max-Age=86400; path=/; domain=LARAVEL_BASE_URL; httponly; samesite=lax
but it's not setting it as a cookie?!
@boyjarv SOLUTION: in my case the issue was an empty string at the beginning of the HTML. Make sure there is no empty space in the output version or rendered version of your Laravel code.
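
Added example, not part of any post above and not Laravel's own code: a simplified JavaScript model of the rules a browser applies to a Set-Cookie header, covering the SameSite/Secure pairing discussed in the thread and the Domain attribute visible in the quoted header. The `ctx` fields (`apiHost`, `https`, `crossSite`) and the sample token are assumptions constructed for illustration.

```javascript
// Added example: a simplified model of browser Set-Cookie acceptance rules.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const a of rest.filter(Boolean)) {
    const i = a.indexOf('=');
    // Flag attributes (Secure, HttpOnly) have no value; store them as true.
    attrs[(i === -1 ? a : a.slice(0, i)).toLowerCase()] = i === -1 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// ctx (all hypothetical inputs supplied by the caller):
//   apiHost   - host that returned the response
//   https     - true if the response arrived over HTTPS
//   crossSite - true if the page making the request is on a different site
function diagnose(header, ctx) {
  const { attrs } = parseSetCookie(header);
  // Modern browsers treat a missing SameSite attribute as Lax.
  const sameSite = String(attrs.samesite === undefined ? 'lax' : attrs.samesite).toLowerCase();
  const secure = attrs.secure === true;
  const problems = [];
  if (typeof attrs.domain === 'string') {
    const d = attrs.domain.replace(/^\./, '').toLowerCase();
    const host = ctx.apiHost.toLowerCase();
    if (host !== d && !host.endsWith('.' + d)) {
      problems.push(`Domain=${attrs.domain} does not match host ${ctx.apiHost}`);
    }
  }
  if (sameSite === 'none' && !secure) problems.push('SameSite=None requires Secure');
  // Browsers may exempt localhost from this rule.
  if (secure && !ctx.https) problems.push('Secure cookie sent over plain HTTP');
  if (ctx.crossSite && sameSite !== 'none') {
    problems.push(`SameSite=${sameSite} cookie from a cross-site request is blocked`);
  }
  return problems;
}

// Constructed header shaped like the one quoted in the thread (token replaced).
const sample = 'jwt=EXAMPLE_TOKEN; Max-Age=86400; path=/; domain=LARAVEL_BASE_URL; httponly; samesite=lax';
console.log(diagnose(sample, { apiHost: '127.0.0.1', https: false, crossSite: true }));
```

Postman does not enforce these browser rules, which is why a header can appear there and still never become a cookie in the browser.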