pmaechler's avatar

Laravel Authentication partially working

Hello

I'm struggeling with an Authentication problem since many hours.

Background Created an Application with Laravel 11 from scratch (eloquent, some livewire stuff, etc). Working fine so far Now I need to add authentication and authorization to the app. If possible via Azure socialite plugin. But first I'll do it agains the local database

After filling out the login form, i get redirected to the / page (login successfull) but I'm not logged in sessions are working

doing Auth::check() shortly after Auth::attempt() shows success

What puzzels me is

Doing Auth::loginUsingId(1) in a Controller -> same result. Doing Auth::loginUsingId(2) in a Blade-Template (View) -> logs me in I keep stayed in

There is, as far as I know, no strange middleware or anything in use. Usermodel is "default" from Laravel11

Using Auth::login($credentials) instead of Auth::attempt($credentials) gives me an error about Class must ... Authenticatable alltough the User Model extends Illuminate\Foundation\Auth\User as Authenticatable

Any ideas on how to troubleshoot this? I'm at a loss

/BR

1 like
10 replies
JussiMannisto's avatar

Using Auth::login($credentials) instead of Auth::attempt($credentials) gives me an error about Class must ... Authenticatable alltough the User Model extends Illuminate\Foundation\Auth\User as Authenticatable

Auth::login() takes a user model. I assume $credentials is an array, so it doesn't work.

As for the other stuff, I have a hard time understanding the actual problem. Did you say sessions work but login doesn't? You said Auth::check() works shortly after Auth::attempt(), which means the login worked. If you mean it returns true during the same request, but not afterwards, it's very likely that you have a session issue.

1 like
pmaechler's avatar

Sorry for the unclear question problem description Short version: when using Auth::loginUsingId(1) inside a controller, i loose the authentication on the following page. If I use Auth::loginUsingId(1) inside the blade template, all works fine

I did more or less the official guide to use authentication The issue is that inside my login controller, which handles the request I have

The output is check: 1 and i get my whole user object and the auth object of my user

On the following page or when turning the redirects on, the welcome page does not have an authenticated user

when i place {{ Auth::loginUsingId(1) }} inside the login template, I am immediately logged in, can browser over to other pages and keep beeing logged in

since the login works when i'm inside the blade template, i guess session stuff is working (tested with files and database and i see the data).

I hope this makes it more clear where my issue is

tia

1 like
pmaechler's avatar

Thanks for you reply!

I'm not sure what you wan't to point out.

I already read the description and content of the attempt() and the loginUsingId() function and i do understand the differences. loginUsingId() is hardcoding the login to a user given by the ID without any check or proof, that the credentials (user and pass) are correct. attempt() is verify the credentials and if they match, log the user in

The loginUsingId() function is just for debugging and I'm well aware that such code is dangerous and contra-production in production

I was checking where the "authentication gets lost" or if laravel redirects me because of invalid data. therefor i "hardcoded" the login to see if I'm still logged in on the next page. Since my welcome page just renders a template, Route::view('/', 'welcome')->name('home'); I put the login-code {{ Auth::loginUsingId(1) }} directly into the template.

Afterwards i checked if this also works when putting the login into a controller

To me it looks like, when the Controller Code is running, the session or authentication stuff is not ready

To further troubleshoot this or make sure session are working i have a simple controller

public function show()
    {
        session([time() => 'key_' . rand(1, 999)]);
        return view('ansible.list', [
            'playbooks' => $this->playbooks,
            'sess'=> session()->all()
        ]);
    }

and inside the template i just {{ print_r($sess) }} the whole session data. there I do see different key_nnn entries and the whole history. so sessions are working

1 like
Snapey's avatar

If you lose the login state from one page to the next, then you have a sessions problem. Nothing to do with auth.

You should test a simple route. Read and dump session variable, the set session variable.

If you refresh the page, session value should be there on every refresh.

Also, install Laravel debugbar and enable the session collector. This will show you what is happening with session from one request to the next. Dont use dd() in your testing as this will prevent session being saved.

pmaechler's avatar

Hello Snapey

I'm back at field 1 :) I also had the impression that it has to be a session problem, but...

Simple Controller

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class AnsibleController extends Controller
{
    private $playbooks = [
        'find_serial'
    ];

    public function show(Request $request)
    {
        session(['S_' . time() => 'key_' . rand(1, 999)]);
        $request->session()->put('R_' . time(), rand(1, 999));
        return view('ansible.list', [
            'playbooks' => $this->playbooks,
            'sses'=> session()->all(),
        ]);
    }
}

and an easy template

@section('content')
    <div class="container-fixed">
        <pre>
            {{ print_r($sses) }}
        </pre>
    </div>
@endsection

Results in:

this means that i can read and write to the session with either session() or $request->session()

Maybe I have a mix between php $_SESSION and Laravel Sessions. But the example above explicitly uses the Laravel Session functions provided in the manual

JussiMannisto's avatar

Never use $_SESSION, $_REQUEST, or any of the other PHP globals in a Laravel app. That bypasses Laravel's driver system completely.

1 like
krisi_gjika's avatar

your session does not have a "login_web_*****" key here, so you are not logged in.

Snapey's avatar

you didnt do what I suggested?

Put something is session, and then read it on multiple requests.

You can do this in your routes file, no need for controllers and views

pmaechler's avatar

I'm a bit surprised. The above snippets shows, that I do put stuff into my session and can read the values over multiple request.

This was done in the first and a simple Controller I found. I also installed the debugbar (nice tool, thx for the hint)

Was surprises me a lot more and kinda worries me is that now, after the login::attemp() call I put stuff in the session and can read them

and now i stay logged in

dd() is "debug-and-dump, so the code execution is stopped and session stuff is not saved but dump() which I used bevor, is just "debug the data and go on". looks to me that the session won't be saved with that either

I have to dig deeper into it. Currently I can use the login form, session or authentication is working. I have to double check if there are any "stupid" tests are lying in my code and clean those up. I'm worried because in my opinion stuff should be saved in the session. I should not net to put extra garbage into the session with session()->put()

I'll keep you updated

Snapey's avatar

you dont need to put extra stuff (normally)

btw, dd is dump and die.

Please or to participate in this conversation.