
Luernes's avatar

Cookie and Production Errors on Azure!!!

Hi everybody,

Thanks for this opportunity to get help.

First of all, I want to know if this is normal behavior: any time I make a request to my web site I receive three cookies in this format.

| Site | Cookie Name |
|---|---|
| My site | blank |
| My site | xsrf-token |
| My site | laravel-session |

Second: I was looking for errors on my site running on Azure, and I want to know if this is normal. My app is working fine locally, but since I deployed to Azure, it's crazy trying to find where the problem is.

First of all, I disabled the VerifyCsrfToken middleware because that was the first error I received: "Token-mismatch". As a note, I add "x-xsrf-token" as a header for all my pages and I used it inside.

After that, my authentication sometimes works and sometimes not, and for that reason I'm sometimes redirected to the login page. I found that I did not have permissions under the storage folder, and I solved it. I have spent two days looking at all my files and didn't see what's wrong.

I need to find a point to start.

These are my .htaccess file and web.config, in case they could be the cause of any trouble with redirection.

thanks.

.htaccess

```apache
Options -MultiViews

RewriteEngine On
RewriteBase /wwwroot/public/

# Redirect Trailing Slashes If Not A Folder...
# RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
```

web.config

    <rewrite>
        <rules>
            <rule name="Laravel5" stopProcessing="true">
              <match url="^" ignoreCase="false" />
              <conditions logicalGrouping="MatchAll">
                <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
              </conditions>
              <action type="Rewrite" url="index.php" appendQueryString="true" />
            </rule>
        </rules>
    </rewrite>

    <defaultDocument>
        <files>
            <remove value="index.php" />
            <add value="index.php" />
        </files>
    </defaultDocument>
    <directoryBrowse enabled="false" />
    <caching>
        <profiles>
            <add extension=".html" policy="DisableCache" kernelCachePolicy="DisableCache" />
            <add extension=".php" policy="CacheForTimePeriod" kernelCachePolicy="CacheForTimePeriod" duration="7:00:00:00" />
        </profiles>
    </caching>
    <handlers>
        <remove name="OPTIONSVerbHandler" />
        <remove name="PHP70_via_FastCGI" />
        <add name="PHP70_via_FastCGI" path="*.php" verb="GET, PUT, POST, HEAD, DELETE, OPTIONS, TRACE, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK" modules="FastCgiModule" scriptProcessor="D:\Program Files (x86)\PHP\v7.0\php-cgi.exe" resourceType="Either" requireAccess="Script" />
    </handlers>
</system.webServer>

Luernes's avatar

After so many days it's working. This is what I did.

In my .env file:

```
CACHE_DRIVER=array
QUEUE_DRIVER=array
```

In my config\session.php file:

```php
'driver' => env('SESSION_DRIVER', 'cookie'),
'lifetime' => 120,
'expire_on_close' => true,
'cookie' => 'XSRF-TOKEN',
'domain' => env('SESSION_DOMAIN', "!!!!!-- IMPORTANT PUT YOUR DOMAIN NAME HERE---!!!!!"),
```

1- Added this to my view/layout template, in the head:

```html
<meta name="csrf-token" content="{{ csrf_token() }}">
```

2- After that, in the same layout and before post.scripts

```html
<script>
    window.addEventListener("load", function load(event) {
        window.removeEventListener("load", load, false);
        $.ajaxSetup({headers: {'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')}});
    }, false);
</script>
```

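to define the header for my AJAX requests in all pages.

3- Add this to the handler

```php
// Goes inside the exception handler's render() method; the file also needs
// "use Illuminate\Session\TokenMismatchException;" at the top.
if ($e instanceof TokenMismatchException) {
    // Keyed array so the text is stored under the "message" error key.
    return redirect()->route('login')->withErrors(['message' => 'Session expired, please Login again.']);
}
```

4- Add

```html
<input type="hidden" id="_token" name="_token" value="{{ csrf_token() }}">
```

as a hidden field to all my forms, or at least once per Blade view if using AJAX.

5- Send

```js
data: {
    _token: $("#_token").val()
},
```

in all your AJAX calls except GET.

Good luck :).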
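
Steps 2 and 5 of the reply attach the token to every AJAX call except GET, but a header set globally through `$.ajaxSetup` is not limited to requests to your own site. As an added example (not code from the post; the helper names `csrfHeadersFor` and `isSameOrigin` and the `app.example.test` origin used to exercise it are assumptions), this sends `X-CSRF-TOKEN` only on state-changing, same-origin requests:

```javascript
// Added example: decide per request whether the CSRF header is attached.
// Hypothetical helper names; only the X-CSRF-TOKEN header name and the
// csrf-token meta tag come from the post above.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

function isSameOrigin(url, pageOrigin) {
  try {
    // Relative URLs resolve against the page, so they are same-origin.
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable target: treat as foreign, send no token
  }
}

function csrfHeadersFor(method, url, pageOrigin, token) {
  const verb = String(method || 'GET').toUpperCase();
  if (SAFE_METHODS.has(verb)) return {};          // reads carry no token
  if (!isSameOrigin(url, pageOrigin)) return {};  // never send it off-site
  if (!token) return {};  // nothing to send; the server will reject the call
  return { 'X-CSRF-TOKEN': token };
}

// Browser wiring, used instead of the global $.ajaxSetup({headers: ...}) call.
// Skipped automatically when there is no window/jQuery (e.g. under Node).
if (typeof window !== 'undefined' && typeof window.jQuery !== 'undefined') {
  window.jQuery(document).ajaxSend(function (event, jqXHR, settings) {
    const meta = document.querySelector('meta[name="csrf-token"]');
    const headers = csrfHeadersFor(settings.type, settings.url,
      window.location.origin, meta && meta.getAttribute('content'));
    Object.keys(headers).forEach(function (name) {
      jqXHR.setRequestHeader(name, headers[name]);
    });
  });
}
```
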
