Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

vincent15000's avatar

Persistent authentication without any additional storage or cookie datas

Hello,

I have a Laravel / Sanctum / VueJS / Axios app.

The authentication works fine. When I log in, all is ok for navigating throw different menu links until I reload the page, then I need to log in again.

Is there a way to persist the authentication (for example if I reload / refresh the browser) using only the secure environment from Sanctum and without using any additional storage or cookie data stored in the browser ?

Thanks for your help.

Vincent

0 likes
9 replies
vincent15000's avatar

I have searched for a solution and I try to figure out how I could use this package.

https://www.npmjs.com/package/vue-cookies

If I retrieve the cookies present in the browser, while refreshing the page I can probably use these cookies to check if they are valid cookies for the current user session.

Who has already done something similar ?

sr57's avatar

Hi @vincent15000

Is there a way to persist the authentication ... without using any additional storage or cookie

No, being authenticated means having a good token, so you have to keep this token somewhere in order to send back to the server with each request.

You should read the following link to understand how this works and why cookies is the best solution.

https://jcbaey.com/authentication-in-spa-reactjs-and-vuejs-the-right-way/

That said, with a good config, authentication should be persistent (you can reload pages, ...). I used the following link to setup my first app, it can be a little outdated (airlock was the previous name of sanctum) and it's in french but you should verify your config versus it.

https://medium.com/frianbiz/laravel-airlock-vue-js-f08724b64da2

Last but not least, use your browser DevTools (console for errors, network and header)

Hope it helps.

1 like
vincent15000's avatar

@sr57 Thank you for your answer @sr57.

I meant without any additional cookies than those generated by Sanctum.

My configuration seems to be similar to the one from your last link.

Well ... when I log in and navigate, it's ok. Then strangely when I load a specific route typing it directly in the address bar of the browser, instead of loading this route, it reloads the entire page and redirects to the login page.

When I check the cookies, they don't have changed. So I suppose that I'm not logged out, but only redirected to the login page.

I will search why ... perhaps a router problem ? or perhaps something around the .htaccess configuration on the shared hosting ?

sr57's avatar

When I check the cookies, they don't have changed

Ok, but did you send it?

Have a look in your browser (live header extension in Firefox)

1 like
vincent15000's avatar

@sr57 Here is the content of the headers when I try to load directly the /students route.

https://mydomain.fr/students
Host: mydomain.fr
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=... // Here is the token, I just don't show it here
laravel_session=... // Here is the laravel session, I just don't show it here
AIMAwU8PIVeBjyFERCjpUZ3zQ4abFbKHnOTbfV4X=... // I don't know what it is and I just don't show it here
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
GET: HTTP/2.0 200 OK
content-type: text/html
date: Sat, 16 Jul 2022 20:47:58 GMT
server: Apache
last-modified: Sat, 16 Jul 2022 18:21:40 GMT
etag: W/"28e-5e3f034be84e5"
content-encoding: gzip
X-Firefox-Spdy: h2

It looks like the API call has been correctly executed, so the problem is perhaps with my vue router.

Do you see something strange in my router configuration ?

import { createRouter, createWebHistory } from 'vue-router'
import store from '../store'

import Home from '../views/Home.vue'
import Login from '../views/Login.vue'
import Students from '../views/students/Students.vue'

const routes = [
  {
    path: '/',
    name: 'home',
    component: Home,
    meta: {
      requiresAuth: true
    }
  },
  {
    path: '/login',
    name: 'login',
    component: Login
  },
  {
    path: '/students',
    name: 'students',
    component: Students,
    meta: {
      requiresAuth: true
    }
  },
  {
    path: '/:pathMatch(.*)*',
    name: 'notfound',
    component: Home
  }
]

const router = createRouter({
  history: createWebHistory(process.env.BASE_URL),
  routes
})

export default router
sr57's avatar
sr57
3 years ago
Best Answer
Level 39

@vincent15000

Did not see any concern.

Had you look at the "Network" tab of the Firefox devtools? Any error, ... ?

1 like
vincent15000's avatar

@sr57 I have no error ... the HTTP request has the status 200 ... I see that when I reload the page, it reloads all scripts just after the API call.

I will continue searching tomorrow ;).

1 like
vincent15000's avatar

@sr57 Hello ... Thank you for your help ;) ... I have solved my problem.

I have added an authenticated flag in the sessionStorage, this helps me to persist the authenticated variable in VueX.

Now when I directly load a route, it refresh VueX with the persisted values and it loads the good component.

Some people would say that it's not very secure (in another post, @martinbean explained why and some other posts in the web share best pratice with that) because I have a flag which can be modified by any user, but my routes are protected by the sanctum middleware. And this flag isn't set when a user is unconnected (only when connected).

I will try later to improve the access to the menu and the routes using ziggy with its filter functionality.

Please or to participate in this conversation.