sanctum: Local development cannot login

  • Sanctum Version: 2.4.0
  • Laravel Version: 7.15.0
  • PHP Version: 7.4.6
  • Database Driver & Version: 10.1.44-MariaDB-0ubuntu0.18.04.1

Description:

On Sanctum 2.3 I do not have any problems; auth works great with my Vue.js SPA. Once I update to 2.4, logging in with secure cookies works fine on the deployed application, but local development is rendered useless since I cannot log in.

Steps To Reproduce:

Update to 2.4 and use the following configuration:

COOKIE_SAME_SITE_POLICY=strict
SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost
SESSION_DRIVER=cookie
SESSION_LIFETIME=120
SESSION_SECURE_COOKIE=false

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 4
  • Comments: 18 (7 by maintainers)

Most upvoted comments

@peric0 @RahulDey12 The fix for me was to use SANCTUM_STATEFUL_DOMAINS=localhost:3000 since that is where my frontend is hosted. I have Laravel API running on port 8001 and frontend on 3000. This works for me now, full config:

COOKIE_SAME_SITE_POLICY=strict
SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost:3000
SESSION_DRIVER=cookie
SESSION_LIFETIME=120
SESSION_SECURE_COOKIE=false

@averageflow are you running with php artisan serve?

If so, it runs on port 8000 by default. Changing your .env to: SANCTUM_STATEFUL_DOMAINS=localhost:8000 should work.

See PR #155

We’ve decided that we won’t be reverting the PR that caused this because that would re-introduce https://github.com/laravel/sanctum/issues/150. We think it’s probably best that you include the port anyway and that it was never really intended to work without it. We’ll update the docs for this.

My application is a SPA running at http://localhost:8080 and the Laravel application at localhost:8000; the problem was solved with the following parameters in env.

SANCTUM_STATEFUL_DOMAINS=localhost:8080
SESSION_DOMAIN=localhost

According to what @RahulDey12 #149 mentioned, the guard should be “sanctum”, but that did not work for me; I use “web”. I don’t know if that is the right thing?

Thank you very much to all.

@averageflow @RahulDey12

We should definitely document this in the Laravel website. It is too much of a breaking change. Thanks for the help too!

@averageflow I will try to PR on docs

I’m a bit torn between this being a breaking change or a documentation issue. Gonna try to get @taylorotwell to help look into this.

Then you’ll have to add both as follows: SANCTUM_STATEFUL_DOMAINS=localhost:3000,localhost:8000.
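
The port requirement discussed in this thread, as an added example that is not part of the original issue and is not Sanctum's own code: a simplified PHP model that treats a request as stateful only when the host and port of its Origin/Referer header exactly match an entry in SANCTUM_STATEFUL_DOMAINS. The function names and the exact-match rule are assumptions for illustration, and the sample values are constructed from the configurations quoted above.

```php
<?php
// Added example: a simplified model of host[:port] matching, NOT Sanctum's code.
// Function names and the exact-match rule are assumptions for illustration.

/** Split the comma-separated env value into trimmed, lower-cased entries. */
function statefulEntries(string $envValue): array
{
    $entries = array_map('trim', explode(',', strtolower($envValue)));
    return array_values(array_filter($entries, 'strlen'));
}

/** Reduce an Origin or Referer header to "host" or "host:port". */
function requestAuthority(string $header): ?string
{
    $parts = parse_url(trim($header));
    if ($parts === false || !isset($parts['host'])) {
        return null; // missing or malformed header: never stateful
    }
    $authority = strtolower($parts['host']);
    return isset($parts['port']) ? $authority . ':' . $parts['port'] : $authority;
}

/** Assumption: an entry matches only when host and port are both identical. */
function isStateful(string $envValue, string $header): bool
{
    $authority = requestAuthority($header);
    return $authority !== null
        && in_array($authority, statefulEntries($envValue), true);
}

// Constructed cases: [SANCTUM_STATEFUL_DOMAINS, Origin/Referer sent by the SPA].
$cases = [
    ['localhost',                     'http://localhost:3000/login'], // port missing in env
    ['localhost:3000',                'http://localhost:3000/login'], // port included
    ['localhost:3000',                'http://localhost:8000/'],      // other port not listed
    ['localhost:3000,localhost:8000', 'http://localhost:8000/'],      // both ports listed
    ['localhost:3000',                ''],                            // header absent
];

foreach ($cases as [$env, $header]) {
    $verdict = isStateful($env, $header) ? 'stateful' : 'not stateful';
    printf("%-32s %-30s %s\n", $env, $header === '' ? '(none)' : $header, $verdict);
}
```

Under this model only the second and fourth cases are reported as stateful, which matches the fixes reported in the comments: the entry has to name the port the frontend is actually served from.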