Get userId from the session token

Level 63

auth()->id() gives you the id of the connected user.

Level 1

@vincent15000 I cannot use the request data because the user is not connected. The only information I have is the session cookie.

2 likes

Level 63

@drannagg How is it possible to retrieve the connected user id if no user is connected ?

But if you have a session with a token, it means that a user is connected.

What are you trying to do ?

Sinnbeck

Level 102

What session driver are you using? Why cant you get the user from the request? If they aren't logged in you cannot get the id

Maybe a start would be to get the session from a logged in user and try decrypting the values https://laravel.com/docs/9.x/encryption#decrypting-a-value

But explain what you are trying to do and there is probably a much better way

1 like

Level 1

I am using the File Manager for the sessions.

What I am trying to do is to make a request from my NextJS app to Laravel on the same server. Mainly, because I have to know if a user has the good privileges to access a page before rendering it and using getServerSideProps. The problem is that this request is made from the server to the server and not from the client to the server. So I can not use the classic Auth scheme. The only information I can get is the session cookie name. And I use it to make a request to a specific route like localhost/check_privileges?cookie_session=[value]

And when I decrypt the cookie name, I obtain the following pattern: b07a9cf767f4401c8b26feff3b5ef33b2b8570dd|wNH8G7HegwblPJenJLuiOjJDsAXRSMZlhMheUESa

The part after the '|' corresponds to the session file's name. I don't know for the first part.

Thanks in advance for your help! :)

1 like

Sinnbeck

Level 102

@drannagg never used nextjs, but I am unsure why you cannot send a proper request with auth (I assume you using web routes with full session support)

1 like

Level 63

@drannagg Ok so you have a back with Laravel and a front with NextJS.

What are you using to authenticate the users in the back ? Fortify ? Breeze ?

Level 1

@vincent15000 Yes, it is exactly this scheme. I am using Sanctum.

1 like

Sinnbeck

https://laravel.com/docs/9.x/sanctum#protecting-spa-routes

Level 102

@drannagg if the route has the auth middleware you can get it from the request

use Illuminate\Http\Request;
 
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

1 like

Level 63

@drannagg With Sanctum, you only have to apply what is in the documentation and it should work.

Unless you have the back and the front on two different domains. Effectively Sanctum needs that both the back and the front are on the same domain.

Level 1

@vincent15000 @sinnbeck The problem is that Sanctum relies on sessions. And that the request that NextJS will make will start from the server and will not be able to get the sessions from the browser (I think...)

The scheme is as follows: 1 - The client connects and receives a session cookie. 2 - The client makes a request for a page. 3 - NextJS checks if the user is known and if he has enough privileges to render the page. This operation is made inside the server without asking to the client.

So I need to find a way to send information about the user from NextJS to Laravel. And when I use Sanctum, the answer is that the user is not authenticated.

1 like

jlrdw

Level 75

@drannagg check the series here, I believe there are videos on nextjs. The lessons would explain the entire workflow.

1 like

https://laravel.com/docs/9.x/sanctum#spa-authenticating

Level 63

@drannagg I assume you are using axios ... have you read this ?