2

I've been stuck for two days now and here is my problem:

I'm looking at a weird behaviour of a laravel app that I didn't develop but I have the responsibility to figure out what's happening. I set up a laravel app behind AWS ELB with session handled by memcached ( AWS elastic cache). Sometimes everything works great and then something weird happens:

When the user logs in, navigates in the app, does stuff, somehow it shows him the login page. The thing is that when I remove /login from the address bar and replace it with /homepage, after some tries it passes; it displays the homepage that cannot be accessible without being logged in. This shows that the user is not logged out at and that something is not set up properly.

After investigating on this, this is the best explanation I can formulate: In Laravel, there is the Catalyst/Sentry package that handles the authentication related tasks. When a user logs in, it saves it's IP ( in this case it's ELB'ip) and because the elb's IP is changing, when the user clicks on a link after the ELB IP changes has occurred, the application considers the request as invalid ( I'm just thinking out loud ) and shows the user the login page.

Is this a common problem!? If so how can I solve this!?

Any help is much appreciated. Thank you very much.

another geek
  • 361
  • 4
  • 15
  • A naïve -- and probably *wrong*, or at least suboptimal -- solution would be enabling [sticky sessions](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-sticky-sessions.html) in the ELB, which will probably hide the problem until you can find and fix it for real. ELB sets the `X-Forwarded-For` header to the client IP, so if your theory is right, there should be a solution involving that, but Laravel is outside my scope of expertise. I do suspect you aren't the first to encounter this and there is probably a more correct solution. – Michael - sqlbot May 24 '16 at 01:07

1 Answers1

1

This looks like a memcached issue here. What sentry uses to identify if you are a valid user is something called persist code. If my raisonning is correct, your persist code changes with no clear reason (other than a memcached misbehaving). Use redis instead, works perfectly.

Abdelaziz Dabebi
  • 1,624
  • 1
  • 16
  • 21