1

I'm on Laravel 5.1 using Cartalyst's Sentinel as my authentication system. I'm using angular on my front-end.

I have a form at domain.com/login that sends a POST request to api.domain.com/login. If the user has entered correct credentials api.domain.com/login returns {'success': true} which my front-end looks at and eventually forwards to domain.com/dashboard

This is where the problem arises. The relevant portion of my dashboard controller:

if( Sentinel::check() ) {
    return view('dashboard');            
} else {

    return redirect()->route('login');
}

is not detecting the user as logged in. And keeps sending me back to domain.com/login

I suspect this is happening because the logging in part is happening at api.domain.com and we're checking to see if the user is logged in at domain.com and the browser isn't sending the relevant sentinel cookies. The Sentinel docs doesn't mention anything about this.

If my suspicions are correct how can I allow Sentinel authenticate a user for both api.domain.com and domain.com? If my suspicions aren't correct, what is happening here?

Zaki Aziz
  • 3,592
  • 11
  • 43
  • 61
  • Sentinel should be using Laravel's Cookie jar here, and so if your `session.cookie` config property is set properly, it should be picking it up. What does your console say about the cookie's domain? – Mike Rockétt Jan 27 '16 at 04:32
  • In `config/session.php` I've changed `'domain' => null` to `'domain' => '.domain.com'` but still no luck – Zaki Aziz Jan 27 '16 at 06:14
  • `null` *should* be the correct setting for multi-domain. If I'm not mistaken, the normal authentication driver handles this correctly. As such, perhaps it is worth opening an issue over at Sentinel's GH repo. – Mike Rockétt Jan 27 '16 at 13:16

0 Answers0