Well, this could happen if you have multiple sessions running on a single page. How is your multi auth setup?
Page return 419 page expired
Hello, I have a login form that returns a 419 Page Expired error. At first I thought that I might have forgotten the @csrf, but it exists, and I also tried csrf_field(), but it is still not working, with the same error message. I am using Laravel multi auth. Do you have any idea why this error appears? Thanks for the help, I really do appreciate it.
I think it will be something with this https://dev.to/zubairmohsin33/dealing-with-chrome-samesite-cookie-attribute-in-shopify-apps-made-with-php-laravel-pcb
This is my login controller:
<?php

namespace Bitfumes\Multiauth\Http\Controllers;

use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Routing\Controller;
use Illuminate\Support\Facades\Auth;

class LoginController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.
    |
    */
    use AuthenticatesUsers;

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('admin:admin', ['only' => 'showLoginForm']);
        $this->middleware('guest:admin', ['except' => 'logout']);
    }

    protected function sendLoginResponse(Request $request)
    {
        $request->session()->regenerate();
        $this->clearLoginAttempts($request);

        return redirect($this->redirectPath());
    }

    /**
     * Show the application's login form.
     *
     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
     */
    public function showLoginForm()
    {
        return view('multiauth::admin.login');
    }

    /**
     * Get the needed authorization credentials from the request.
     *
     * @param \Illuminate\Http\Request $request
     * @return array
     */
    protected function credentials(Request $request)
    {
        $request['active'] = 1;

        return $request->only($this->username(), 'password', 'active');
    }

    /**
     * @param Request $request
     *
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
     */
    public function logout(Request $request)
    {
        $this->guard()->logout();
        $request->session()->invalidate();

        return redirect(route('admin.login'));
    }

    /**
     * Get the guard to be used during authentication.
     *
     * @return \Illuminate\Contracts\Auth\StatefulGuard
     */
    protected function guard()
    {
        return Auth::guard('admin');
    }

    /**
     * Validate the user login request.
     *
     * @param \Illuminate\Http\Request $request
     *
     * @return void
     */
    protected function validateLogin(Request $request)
    {
        $request->validate([
            'email' => 'required|string',
            'password' => 'required|string',
        ]);
    }

    protected function redirectPath()
    {
        return config('multiauth.redirect_after_login');
    }
}
And this is the login view:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <!-- Meta, title, CSS, favicons, etc. -->
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="csrf-token" content="{{ csrf_token() }}">
    <title>Makondi</title>
    <!-- Bootstrap -->
    <link href="{{ asset('backend/vendors/bootstrap/dist/css/bootstrap.min.css')}}" rel="stylesheet">
    <!-- Font Awesome -->
    <link href="{{ asset('backend/vendors/font-awesome/css/font-awesome.min.css')}}" rel="stylesheet">
    <!-- NProgress -->
    <link href="{{ asset('backend/vendors/nprogress/nprogress.css')}}" rel="stylesheet">
    <!-- Animate.css -->
    <link href="{{ asset('backend/vendors/animate.css/animate.min.css')}}" rel="stylesheet">
    <!-- Custom Theme Style -->
    <link href="{{ asset('backend/build/css/custom.min.css')}}" rel="stylesheet">
</head>
<body class="login" style="background-color: black">
<div>
    <a class="hiddenanchor" id="signup"></a>
    <a class="hiddenanchor" id="signin"></a>
    <div class="login_wrapper">
        <div class="animate form login_form">
            <section class="login_content">
                <form method="POST" action="{{ route('admin.login') }}">
                    <h1 style="color:white"> Login Form</h1>
                    <div>
                        <input id="email" type="email" class="form-control{{ $errors->has('email') ? ' is-invalid' : '' }}" name="email" value="{{ old('email') }}"
                            required autofocus placeholder="Username">
                        @if ($errors->has('email'))
                            <span class="invalid-feedback" role="alert">
                                <strong>{{ $errors->first('email') }}</strong>
                            </span>
                        @endif
                    </div>
                    {{-- <div>
                        <input type="text" class="form-control" placeholder="Username" required="" />
                    </div> --}}
                    <div>
                        <input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password"
                            required placeholder="Password">
                        @if ($errors->has('password'))
                            <span class="invalid-feedback" role="alert">
                                <strong>{{ $errors->first('password') }}</strong>
                            </span>
                        @endif
                    </div>
                    {{-- <div>
                        <input type="password" class="form-control" placeholder="Password" required="" />
                    </div> --}}
                    <div>
                        <button type="submit" class="btn " style="background-color:orangered">
                            {{ __('Login') }}
                        </button>
                        <a class="btn btn-link" href="{{ route('admin.password.request') }}" style="color:white">
                            {{ __('Forgot Your Password?') }}
                        </a>
                    </div>
                    <div class="clearfix"></div>
                    <div class="separator">
                        <div class="clearfix"></div>
                        <br />
                        <div>
                            <h1 style="color:white"><img src="{{ URL('backend/docs/images/IMG-20190507-WA0001~2.jpg') }}" width="70px" height="60px"> Company Makondi</h1>
                            <p style="color:white">©2019 All Rights Reserved. Company Makondi. Privacy and Terms</p>
                        </div>
                    </div>
                </form>
            </section>
        </div>
    </div>
</div>
</body>
</html>
You need to put @csrf actually within your form
The one in the header is for ajax requests
I did that but still the problem exists
Then why show code without it? You know it's needed.
The code is working fine on my localhost, but on the server it shows the error 419.
Sorry, my bad. I was trying many things at once and copied the last edit and pasted it here; the csrf was not in the last try. Sorry again.
This probably indicates that you're either using a different session driver on your server or something is configured wrongly on your server.
My cache driver is the same. I just uploaded the same files from the server and tested them on my localhost, and the login process completed successfully on localhost, but it returns 419 when trying to do the same on the server.
Check this: https://github.com/laravel/laravel/blob/d82bf9768b5d486d08159c191bec8a3d7b426436/config/session.php#L197. On localhost I have to set it to 'lax', but on the server to 'none'.
And also this: https://github.com/laravel/laravel/blob/d82bf9768b5d486d08159c191bec8a3d7b426436/config/session.php#L169. On localhost I have to set it to false, but on the server to true.
Maybe it helps you.
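Added example (not part of the original thread): a check for the two session cookie settings named in the reply above, `secure` and `same_site`. It parses `Set-Cookie` headers and reports combinations that make a browser drop the session cookie, which gives every request a fresh session whose CSRF token no longer matches the form. The header strings, the URLs and the `laravel_session` cookie name are constructed assumptions.

```python
# Added example: constructed inputs, not taken from the thread.
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes with lowercase keys)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip().lower()
    return name, attrs


def session_cookie_problems(page_url, set_cookie_headers,
                            cookie_name="laravel_session"):
    """Return reasons a browser would drop the session cookie set by page_url."""
    scheme = urlsplit(page_url).scheme
    problems = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name != cookie_name:
            continue  # e.g. XSRF-TOKEN; only the session cookie is checked here
        secure = "secure" in attrs
        # Secure cookies are only stored for https pages
        # (some browsers exempt localhost).
        if secure and scheme != "https":
            problems.append("Secure cookie on an http page: browser discards it")
        # SameSite=None is only accepted together with Secure.
        if attrs.get("samesite") == "none" and not secure:
            problems.append("SameSite=None without Secure: browser rejects it")
    return problems


# Constructed samples: the same app served with different session.php values.
HTTP_WITH_SECURE = ["laravel_session=abc123; path=/; secure; httponly; samesite=lax"]
NONE_WITHOUT_SECURE = ["laravel_session=abc123; path=/; httponly; samesite=none"]
HTTPS_OK = ["XSRF-TOKEN=tok; path=/; secure; samesite=lax",
            "laravel_session=abc123; path=/; secure; httponly; samesite=lax"]

if __name__ == "__main__":
    for url, headers in [("http://example.test/admin", HTTP_WITH_SECURE),
                         ("https://example.test/admin", NONE_WITHOUT_SECURE),
                         ("https://example.test/admin", HTTPS_OK)]:
        print(url, session_cookie_problems(url, headers) or "cookie accepted")
```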
Can users log in and stay logged in?
Yes
For some reason, when I updated the PHP version from PHP v7.1 to PHP v7.3, it fixed my problem.