framework: [5.4] Can't keep user logged in since 5.4
- Laravel Version: 5.4.6
- PHP Version: 7.0.13
- Database Driver & Version: MariaDB 10.1.21 - MySQL 15.1
Description:
I had an application made with Laravel 5.3 that was running fine, but after upgrading to Laravel 5.4, every time we authenticate, it goes fine and we have access to user informations :
{"id":X,"name":"Foo","email":"foo@bar.com", . }
The thing is, it is not really logged in as when we want to access a protected view that this user would have access to, it redirects on the login page. I checked a fresh install of Laravel 5.4 methods of authentication and can’t find any difference between application and this fresh 5.4 application. Moreover, it seems that the User object is getting a null value inside the middleware that protects the routes. So if someone could tell me where this problem comes from, it would be really helpful, Thanks.
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 16 (2 by maintainers)
Alright, we did find the problem. The source wasn’t the session as we were focusing on, but that was indeed a middleware that was causing that all.
It was the
apimiddleware group (that hadAddQueuedCookiesToResponse,StartSessionandShareErrorsFromSessionmiddlewares, withthrottle:60,1andbindings. First thing we did that fixed the problem is we copied every middleware from thewebmiddleware group (except VerifyCSRFToken). When we saw that it was working, we removed the middlewares all by one and noticed the problem.It seems that the middleware missing was
EncryptCookies, even though that the encryption in the session configuration file was set to false… So the api routes were trying to get cookies it couldn’t read because of encryption, and making the user fall back to login this way.Thank you all for taking time to help with this issue that was particularly difficult to solve.