Skip to content
Advertisement

Laravel Auth::login “expires” after page reloads

I’ve implemented a “custom” login setup for our application as we are using the X-Forwarded-User from our proxy (NB – Internal low-security application before we do down that route!)

Unfortunately, it seems that every time we load the page, the user isn’t actually logged in. They are logged in as soon as I do Auth::login, but as soon as the page reloads and I do an Auth::user check, they are not logged in.

As you can see here, this is run via middleware so it’s run on every request, but I’m a little confused why I am having to do a login every time the page loads and the user isn’t “really” getting logged in.

<?php

namespace AppHttpMiddleware;

use AppUser;
use Closure;
use IlluminateSupportFacadesAuth;

class ValidateForwardedUser
{
    /**
    * Handle an incoming request.
    *
    * @param  IlluminateHttpRequest  $request
    * @param  Closure  $next
    * @return mixed
    */

    public function handle($request, Closure $next)
    {
        if ($request->header('X-Forwarded-User')) {
            $forwardedUser = $request->header('X-Forwarded-User');

            // This is always empty
            print_r("Logged in user before auth = ".Auth::user()."<br>");

            if (!Auth::check() || Auth::user() != $forwardedUser) {
                if (User::where('email', '=', $forwardedUser)->first()) {
                    $user = User::where('email', '=', $forwardedUser)->first();
                    Auth::login($user);
                } else {
                    $user = new User();
                    $user->email = $forwardedUser;
                    $user->save();
                    Auth::login($user);
                }
            } else {
                // We should never hit this, but we throw an exception so it's debugable if we do!
                throw new Exception('ValidateForwardedUser Exception #1');
            }

            // This is always populated
            print_r("Logged in user before auth = ".Auth::user()."<br>");

            return $next($request);
        } else {
            // We should never hit this, but we throw an exception so it's debugable if we do!
            throw new Exception('ValidateForwardedUser Exception #2');
        }
    }
}

All routes use the “web” middleware which is shown below (Specifically the problem here appears to be with ValidateForwardedUser)

protected $middlewareGroups = [
    'web' => [
        AppHttpMiddlewareEncryptCookies::class,
        IlluminateCookieMiddlewareAddQueuedCookiesToResponse::class,
        IlluminateSessionMiddlewareStartSession::class,
        // IlluminateSessionMiddlewareAuthenticateSession::class,
        AppHttpMiddlewareValidateForwardedUser::class,
        IlluminateViewMiddlewareShareErrorsFromSession::class,
        AppHttpMiddlewareVerifyCsrfToken::class,
        IlluminateRoutingMiddlewareSubstituteBindings::class,
        AppHttpMiddlewareBrowserFilter::class,
    ],

    'api' => [
        'throttle:api',
        IlluminateRoutingMiddlewareSubstituteBindings::class,
    ],
];

Edit: After some debugging, every refresh of the page creates a new session. This doesn’t seem right and might be part of the issue?

Advertisement

Answer

Although login was working every time (but not persisting between page reloads), updating my User model path fixed my issue.

For some reason or another, I’d previously changed my User model to AppUser.

Moving it back to AppModelsUser (and updating all relevant references) made solved my issue.

User contributions licensed under: CC BY-SA
6 People found this is helpful
Advertisement