Level 75
Sep 27, 2021
7
Level 1
Where is the session token generated?
Trying to understand all what's going on during authentication. I see where the session key is defined in /config/session.php, but not seeing where the token is generated.
Also, side note, is Breeze the most minimal form of authentication you can add to a Laravel 8 app? Breeze is what I'm currently using. I see a UI is needed for all the others and don't see needing Tailwind necessary.
Thanks.
Level 1
Level 122
@james0r no this is for cross site request forgery, not session management. Which is it you are asking about?
Level 122
It starts with the StartSession middleware and the various SessionManager and SessionProvider parts of the framework.
Why do you need to know?
Level 1
@Snapey Okay I will check those out. I just like to understand why/how things are happening. Find it works out best in the long run.
Thanks!
Level 122
@james0r The basics principles are;
You connect to the server for the first time. A session is established and a cookie is given to the client containing the session key.
You send the next request from the client along with the cookie. Laravel matches the token in the cookie with the session store and loads the user's session.
When the user sends credentials as part of the login form, then are checked against the user table and if matching then the user's session is loaded with the authenticated user details.
Whenever you send a request to the server, the session is found which contains the authentication so the user is known and can be authorized (or not) for whatever actions they want to do.
Level 75
Sorry I wasn't sure which token, but if you go to that API you can pretty well much find anything you need.
To better understand these complete cycles of what happens, I would suggest you take the php practitioner course right here, it's free. Then the Free laravel 8 from scratch.
Those free courses are to help you get a lot of the basics.
1 like
Please or to participate in this conversation.