csrf not generating on custom session create

I have created a custom session to handle sessions of admin, company, etc and on login with company below are the scenerio,

with SwitchSessionDriver middleware enable, I am getting null in csrf_token() and session is customsession (need this enable and data in csrf token)
with SwitchSessionDriver middleware disabled, I am getting data in csrf_token() and session is database

Company Login

if(Auth::guard('company')->attempt($request->only('email','password'),$request->filled('remember'))) {
            return redirect()->intended(route('company.home'))->with('status','You are Logged in as Company!');
        }

AppServiceProvider.php

Session::extend('customsession', function (Application $app) {
            return new CustomSessionHandler(DB::connection(), 'sessions', config('session.lifetime'), $app);
        });

Kernal.php

protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \App\Http\Middleware\SwitchSessionDriver::class,
        ],

        'api' => [
            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

SwitchSessionDriver.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Config;
use Symfony\Component\HttpFoundation\Response;

class SwitchSessionDriver
{
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next): Response
    {
        if (Auth::guard('admin')->check()) {
            Config::set('session.driver', 'customsession');
        } elseif (Auth::guard('company')->check()) {
            Config::set('session.driver', 'customsession');
        } elseif (Auth::guard('gym')->check()) {
            Config::set('session.driver', 'customsession');
        }

        return $next($request);
    }
}

CustomSessionHandler.php

<?php

namespace App\Extensions;

use Log;
use Illuminate\Database\ConnectionInterface;
use Illuminate\Session\DatabaseSessionHandler;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Session;

class CustomSessionHandler extends DatabaseSessionHandler
{
    protected $guard;

    public function __construct(ConnectionInterface $connection, $table, $minutes, $app, $guard = null)
    {
        parent::__construct($connection, $table, $minutes, $app);
        $this->guard = $guard;
    }

    /**
     * Read session data.
     *
     * @param string $sessionId
     * @return string|false
     */
    public function read($sessionId): string|false
    {
        $sessionData = parent::read($sessionId);
        return $sessionData ? base64_decode($sessionData) : false;
    }

    /**
     * Write session data to the database.
     *
     * @param string $sessionId
     * @param string $data
     * @return bool
     */
    public function write($sessionId, $data): bool
    {
        $payload = base64_encode(serialize($data));
        
        $sessionData = [
            'last_activity' => time(),
            'ip_address' => request()->ip(),
            'user_agent' => request()->userAgent(),
        ];

        // Set the appropriate identifier based on the guard
        if (Auth::guard('admin')->check()) {
            $sessionData['admin_id'] = Auth::guard('admin')->id();
        } elseif (Auth::guard('company')->check()) {
            $sessionData['company_id'] = Auth::guard('company')->id();
        } elseif (Auth::guard('gym')->check()) {
            $sessionData['gym_id'] = Auth::guard('gym')->id();
        }

        return $this->performUpdate($sessionId, $payload, $sessionData);
    }

    /**
     * Update session data in the database.
     *
     * @param string $sessionId
     * @param string $payload
     * @param array $sessionData
     * @return bool
     */
    protected function performUpdate($sessionId, $payload, array $sessionData = []): bool
    {
        $sessionData['payload'] = $payload; // Assign payload to session data array

        return $this->getQuery()->updateOrInsert(['id' => $sessionId], $sessionData);

        // return $this->getQuery()->where('id', $sessionId)->update($sessionData);
    }

    /**
     * Destroy a session.
     *
     * @param string $sessionId
     * @return bool
     */
    public function destroy($sessionId): bool
    {
        return parent::destroy($sessionId);
    }

    /**
     * Garbage collect old sessions.
     *
     * @param int $lifetime
     * @return int
     */
    public function gc($lifetime): int
    {
        return (int) parent::gc($lifetime);
    }
}

malikmeraj

1 year ago

Level 1

Use @csrf in the tags of your blade file.

aavinseth

1 year ago

Level 1

@malikmeraj csrf_token() is working for database session but with custom session it is showing blank

Please or to participate in this conversation.