After login I use session to set the user details. If i use postman i can get the session details. If i try logging from my browser its showing null
Here is my controller
namespace App\Http\Controllers;
use App\Models\User;
use Session;
class UserController extends Controller {
public function login(){
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
$requestArray = array();
foreach($request as $key => $value){
$requestArray[$key] = $value;
}
$user = User::login($requestArray);
Session::put("activeuser", $user);
Session::save();
return json_encode(array('result'=>Session::get("activeuser")));
}
Controller to fetch session details
namespace App\Http\Controllers;
use Session;
class ThisSessionController extends Controller {
public function getdetails($key)
{
return json_encode(array($key => Session::get($key)));
}
}
config/session.php
'driver' => 'file',
Edit 1 As a point of information, i use laravel to make only api calls. So my domain will be api.mydomain.com/sessiondetails/activeuser
Is this the problem?
Edit 2
The first object is the ajax call to the session get url and second object is the return value after login success.
Two tokens were totally different.
Edit - 3
I have updated laravel with jwt and it is throwing JWT::Factory is not available. below is my updated code.
namespace App\Http\Controllers;
use App\Models\User;
use Illuminate\Http\Request;
use App\Http\Requests;
use JWTAuth;
use Tymon\JWTAuth\JWTManager as JWT;
use Tymon\JWTAuth\Exceptions\JWTException;
class UserController extends Controller {
public function login(Request $request){
$credentials = $request->only('username', 'password');
$user = User::login($requestArray);
if($user){
$payload = JWTFactory::make($credentials);
$token = JWTAuth::encode($payload);
}
return json_encode(array('result'=>$token));
}
Edit - 4
I changed the code inside login function and i get result as
{"token":{}}
UserController@login code
$customClaims = ['foo' => 'bar', 'baz' => 'bob'];
$payload = app('tymon.jwt.payload.factory')->make($customClaims);
$token = JWTAuth::encode($payload);
EDIT 5
My final working code that could generate the token in laravel is
public function login(Request $request){
$credentials = $request->only('username', 'password');
try {
$user = User::login($credentials);
if(!$user)
throw new Exception("Error Processing Request", 1);
} catch (Exception $e) {
return response()->json(['error' => false]);
}
$token = JWTAuth::fromUser($user);
return response()->json(compact('token'));
}
PHP Sessions use a cookie to keep track of the session. You visit the page mydomain.com and the browser sends cookies for that domain, but when the javascript makes requests to api.mydomain.com it doesn't include cookies because it's a cross domain request so the session can't be tracked.
Token authentication is stateless meaning there is no session to save to or retrieve from. All the information needed for the request must be included in the request. So you get the user information from the token.
On your login page you post the credentials and return a token. Your frontend will then attach the token to every subsequent request.
This example assumes you use JWTAuth, but the concept would work with any token service.
Once you have a token you can use the JWT middleware
jwt.auth
to protect any route. To get the user info from the token useJWTAuth::toUser()
Instead of making requests to get session data from the server, you should store that information on the client side.