
authMiddleware and Session doesn't stay alive

I have created an auth middleware, and the problem is that the session doesn't stay alive, so I have to send the login with each request. The session cookie is set in the browser.

Using Apache 2, PHP 5.6 and the newest stable version of Lumen.

app.php

// Enable the facade aliases (\Session, Validator, ...) and the Eloquent ORM.
$app->withFacades();
$app->withEloquent();

// Global middleware stack, applied to every request.
// Entries that are commented out are disabled, exactly as in the original listing.
// Security note: with EncryptCookies disabled the framework does not encrypt
// cookies, and with VerifyCsrfToken disabled no CSRF token check runs, even
// though AuthMiddleware keeps the login state in the session.
$app->middleware([
    // 'Illuminate\Cookie\Middleware\EncryptCookies',
    // 'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
    'Illuminate\Session\Middleware\StartSession',
    'App\Http\Middleware\AuthMiddleware',
    // 'App\Http\Middleware\CypherMiddleware',
    // 'Illuminate\View\Middleware\ShareErrorsFromSession',
    // 'Laravel\Lumen\Http\Middleware\VerifyCsrfToken',
]);

AuthMiddleware.php

use Closure; use Illuminate\Http\Request; use Illuminate\Contracts\Auth\Guard; use Validator;

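/**
 * Global middleware that gates every request behind a session login.
 *
 * A request passes straight through when the session already holds a `uid`
 * or when it targets one of the public login routes. Otherwise the `user`
 * and `password` request inputs are validated and checked against the guard;
 * on success the session is populated and the request continues.
 */
class AuthMiddleware {

    /**
     * The Guard implementation.
     *
     * @var Guard
     */
    protected $auth;

    /**
     * Create a new filter instance.
     *
     * @param  Guard  $auth
     * @return void
     */
    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Let authenticated or public requests through; otherwise try to log in.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  Closure  $next
     * @return mixed  The downstream response, or a redirect to `loginError` /
     *                `userDisabled` when the login is rejected.
     */
    public function handle($request, Closure $next)
    {
        // Compare the exact request path against the public routes.
        // getRequestUri() also carries the query string, and a bare strpos()
        // result is a position (0 is falsy), so a substring test on the URI
        // would exempt any URL that merely contains one of these words.
        $publicPaths = ['loginError', 'auth/login'];

        if (\Session::get('uid') || in_array($request->path(), $publicPaths, true)) {
            return $next($request);
        }

        // NOTE(review): input() also reads the query string. Credentials should
        // only be accepted from a POST body over HTTPS so that they do not end
        // up in URLs and server logs.
        $tvar = $request->input('user');
        $pw = $request->input('password');

        $validator = Validator::make(
            [
                'user' => $tvar,
                'password' => $pw
            ],
            [
                'user' => 'required',
                'password' => 'required|min:4'
            ]
        );

        if ($validator->fails()) {
            // The given data did not pass validation
            return redirect('loginError');
        }

        if (!$this->auth->attempt(['username' => $tvar, 'password' => $pw])) {
            return redirect('loginError');
        }

        $user = $this->auth->user();

        if ($user->disabled == 1) {
            // attempt() has already logged the account into the guard; drop that
            // login so a disabled account keeps no authenticated session.
            // NOTE(review): 'userDisabled' is not in $publicPaths, so the
            // redirect target is itself subject to this middleware.
            $this->auth->logout();

            return redirect('userDisabled');
        }

        if ($user->disableEdit == 1) {
            \Session::put('noEdit', 1); //return ('You can only look not edit.');
        } else {
            // Clear a flag left in the session by an earlier, restricted login.
            \Session::forget('noEdit');
        }

        // NOTE(review): id() and cypher() are assumed to be methods of the
        // application's user model; their definitions are not visible here.
        \Session::put('uid', $user->id());
        \Session::put('cypher', $user->cypher());

        return $next($request);
    }

}//end class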

\Session::get('uid') is empty on every request until AuthMiddleware authenticates again.
