0

I want change default cookie remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d to myprefix_web_59ba36addc2b2f9401580f014c7f58ea4e30989d

I find code in Illuminate\Auth\SessionGuard

/**
 * Get the name of the cookie used to store the "recaller".
 *
 * @return string
 */
 public function getRecallerName() {
   return 'remember_'.$this->name.'_'.sha1(static::class);
 }

How i can create custom SessionGuard? Somebody can help me?

Dean
  • 415
  • 1
  • 5
  • 15

1 Answers1

1

Since the built in SessionGuard does not have a way to change this, you will need to create your own Guard class to override the method, and tell Auth to use your Guard class. This information is also explained in my answer here, which explains how to customize the TokenGuard.

First, start by creating a new Guard class that extends the base SessionGuard class. In your new Guard class, you will override the getRecallerName() method to return the name you want. In this example, it is created at app/Services/Auth/MySessionGuard.php:

namespace App\Services\Auth;

use Illuminate\Auth\SessionGuard;

class MySessionGuard extends SessionGuard
{
    /**
     * Get the name of the cookie used to store the "recaller".
     *
     * @return string
     */
    public function getRecallerName()
    {
        return 'myprefix_'.$this->name.'_'.sha1(static::class);
    }
}

Once you've created your class, you need to let Auth know about it. You can do this in the boot() method on your AuthServiceProvider service provider:

public function boot(GateContract $gate)
{
    $this->registerPolicies($gate);

    Auth::extend('mysession', function($app, $name, array $config) {
        $provider = $this->createUserProvider($config['provider']);

        $guard = new \App\Services\Auth\MySessionGuard($name, $provider, $app['session.store']);        

        // When using the remember me functionality of the authentication services we
        // will need to be set the encryption instance of the guard, which allows
        // secure, encrypted cookie values to get generated for those cookies.
        if (method_exists($guard, 'setCookieJar')) {
            $guard->setCookieJar($app['cookie']);
        }
        if (method_exists($guard, 'setDispatcher')) {
            $guard->setDispatcher($app['events']);
        }
        if (method_exists($guard, 'setRequest')) {
            $guard->setRequest($app->refresh('request', $guard, 'setRequest'));
        }

        return $guard;
    });
}

And finally, you need to tell Auth to use your new mysession guard. This is done in the config/auth.php config file.

'guards' => [
    'web' => [
        'driver' => 'mysession',
        'provider' => 'users',
    ],
],
Community
  • 1
  • 1
patricus
  • 59,488
  • 15
  • 143
  • 145
  • Why is `sha1(static::class)` added to the name? – Andy White Jul 03 '18 at 13:58
  • the only benefit i can think of adding sha1 of the class namespace + name is so you can know which class set which session variable, making it harder for clashes between different classes. It also looks cryptic, but seems to provide little security benefit. – Nick Whiu Jul 10 '18 at 04:19
  • Tried this in Laravel 5.8 and got `Call to undefined method App\Providers\AuthServiceProvider::createUserProvider()` – Adam Apr 06 '21 at 18:14
  • Looks like one has to get the provider like this: `$provider = resolve('auth')->createUserProvider($config['provider']);` – Adam Apr 06 '21 at 18:20