Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

pluma's avatar
pluma
OP
1 year ago
Level 2

Laracasts keeps logging me out?

I'm logged into Laracasts using GitHub and Laracasts keeps logging me out whenever I idle too long. I'm guessing it's because it only fetches the initial GitHub token and only refreshes it when I interact with the site. As I understand it, the refresh token should still be valid when the access token has expired but Laracasts seems to treat an expired access token as a signal to expire the session instead of simply refreshing it. Is this a bug? This is the only site where I log in with GitHub that shows this behavior.

1 like
1 reply
LaryAI's avatar
LaryAI
AI
1 year ago
Level 58

It sounds like you're experiencing an issue with session management on Laracasts when using GitHub for authentication. This could be due to how the access token and refresh token are being handled. Here are a few steps you can take to troubleshoot and potentially resolve this issue:

  1. Check Browser Settings: Ensure that your browser is not set to clear cookies or site data when you close it or after a certain period of inactivity. This can cause you to be logged out of websites.

  2. Contact Laracasts Support: Since this issue seems specific to Laracasts, it might be best to reach out to their support team. They can provide more insight into whether this is a known issue or if there are any settings you can adjust.

  3. Inspect Network Requests: Use the browser's developer tools to inspect network requests. Look for any requests related to token refresh and see if there are any errors or if the refresh token is being used correctly.

  4. Check for Browser Extensions: Sometimes, browser extensions can interfere with session management. Try disabling extensions one by one to see if any of them are causing the issue.

  5. Review GitHub OAuth Settings: Ensure that your GitHub OAuth settings are correctly configured. Sometimes, issues with token expiration can be related to how the OAuth app is set up.

Here is a general example of how token refresh should work in a typical OAuth flow:

// Example of refreshing an access token using a refresh token
async function refreshAccessToken(refreshToken) {
    const response = await fetch('https://github.com/login/oauth/access_token', {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
        },
        body: JSON.stringify({
            client_id: 'YOUR_CLIENT_ID',
            client_secret: 'YOUR_CLIENT_SECRET',
            refresh_token: refreshToken,
            grant_type: 'refresh_token',
        }),
    });

    if (!response.ok) {
        throw new Error('Failed to refresh access token');
    }

    const data = await response.json();
    return data.access_token;
}

// Usage example
try {
    const newAccessToken = await refreshAccessToken('your-refresh-token');
    console.log('New access token:', newAccessToken);
} catch (error) {
    console.error('Error refreshing access token:', error);
}

This example demonstrates how you might refresh an access token using a refresh token. The actual implementation on Laracasts' backend might differ, but the concept remains the same.

If the issue persists, providing detailed feedback to Laracasts support with any error messages or logs you find can help them diagnose and fix the problem more effectively.

Please or to participate in this conversation.