Level 16
Can you share your sanctum & cors configuration file?
1 like
Aug 20, 2021
3
Level 1
Laravel Sanctum API Auth keeping state
Hello, I'm implementing Laravel Sanctum Api auth for my Laravel + vue project. I had no problems defining the login system, so I can login without problems, I can see the XSRF-TOKEN correctly in the requests and access to api routes protected by auth:sanctum middleware, so far fine.
The problem comes when I reload the page, so obviously the csrf token changes, so I send again the request of /sanctum/csrf-cookie but the user needs to login again.
So I really can't understand and think that it should be like that, I mean, is a pain in the ass that the user needs to login each time that he closes the browser.
Can someone help me with some light, please ?
Level 1
cors.php
return [
'paths' => ['api/*'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 10000,
'supports_credentials' => true,
];
sanctum.php
return [
'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
'%s%s',
'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
env('APP_URL') ? ',' . parse_url(env('APP_URL'), PHP_URL_HOST) : ''
))),
'expiration' => null,
'middleware' => [
'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class,
],
];
Level 1
Sorry. I have solved the problem.
First mistake was that I was doing the login POST request to api/login when I just realized that it should be in the web.php (thing that I don't understand why, but whatever)
Second mistake was that for some reason I had some middlewares commented on the "web" middleware group, so I just uncommented, and it worked.
Thank so much for your time.
Please or to participate in this conversation.