I have a login processing file in which I am attempting to set a cookie:

```php
use Firebase\JWT\JWT;
use Symfony\Component\HttpFoundation\Cookie;

$expTime = time() + 3600;
$key = getenv("SECRET_KEY");
// JWT claims; the token expires together with the cookie
$token = array(
    "iss" => request()->getBaseUrl(),
    "sub" => [$user['id']],
    "exp" => $expTime,
    "iat" => time(),
    "nbf" => time(),
    "is_admin" => $user['role_id'] == 1
);
$jwt = JWT::encode($token, $key);

// Cookie(name, value, expire, path, domain)
$accessToken = new Cookie('access_token', $jwt, $expTime, '/', getenv("COOKIE_DOMAIN"));

redirect('/', ['cookies' => [$accessToken]]);
```

I'm using Firebase/JWT to include a JWT as the cookie value. The SECRET_KEY and COOKIE_DOMAIN are pulled in from my .ENV file.

I then call my redirect()

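```php
use Symfony\Component\HttpFoundation\Response;

function redirect($path, $extra = []) {
    // 302 response pointing at $path
    $response = new Response(
        null,
        Response::HTTP_FOUND,
        array('location' => $path)
    );
    // Attach any Cookie objects passed in $extra['cookies']
    if (key_exists('cookies', $extra)) {
        foreach ($extra['cookies'] as $cookie) {
            $response->headers->setCookie($cookie);
        }
    }
    $response->send();
}
```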

I then test whether or not the cookie has been set in my index file:

```php
if (request()->cookies->has('access_token')) {
    echo "Logged in";
} else {
    echo "No cookie :(";
}
```

My problem is that my test is returning "No cookie :(".

Any help would be greatly appreciated.

If you prefer you can fork it on GitHub: jpradcliffe/user-authentication

  • Try using the variable (`['cookies' => [$accessToken]]`) instead of passing the ***string*** `'$accessToken'`. Since `$accessToken` is already a `Cookie` object, I think you can get away with `setCookie($cookie)` then as well. – rickdenhaan Jun 09 '17 at 22:37
  • Thank you for your suggestion @rickdenhaan, but unfortunately after implementing it I still get the same message. – jpradcliffe Jun 09 '17 at 22:58
  • @rickdenhaan UPDATE: By passing the variable: `(['cookies' => [$accessToken]])` instead of the string `'$accessToken'` I did get away with `setCookie($cookie)`. So, that did simplify my code. However, my cookie problem still remains. – jpradcliffe Jun 10 '17 at 13:53
  • Alright, can you check if there's anything at all in `request()->cookies->all()` or in `$_COOKIE`? – rickdenhaan Jun 10 '17 at 18:22
  • I just cloned your code and ran it locally on PHP 7, the cookie part works like a charm on my machine. However, there are two if-statements above this where you check if the user exists and if the password is correct. If not, you redirect the user before setting the cookie. Are you ending up in one of those conditions by any chance? – rickdenhaan Jun 10 '17 at 18:34
  • @rickdenhaan UPDATE: Thank you for your help on this. After telling me that the code worked on your machine I isolated the problem to be in my .env file. I set COOKIE_DOMAIN to localhost forgetting that I had created a virtualhost under a different name. Small mistake I know but I wouldn't have thought of it without your help, so thanks. – jpradcliffe Jun 11 '17 at 17:43

1 Answer

I finally resolved the issue with some help (see comments below). The code as it stands above is correct. The issue was in my .env file.
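
The failure mode resolved above, as an added example that is not part of the original post or the asker's repository: a browser drops a `Set-Cookie` whose `Domain` attribute does not domain-match the host that served it (RFC 6265, section 5.1.3), so the check below can be run at startup to catch a wrong `COOKIE_DOMAIN`. The function name `cookieDomainMatches()` and the hostname `myapp.test` are assumptions made for illustration.

```php
<?php
// Added example: RFC 6265 section 5.1.3 domain matching as a pre-flight check.
// cookieDomainMatches() and the sample hostnames are hypothetical.

function cookieDomainMatches(string $cookieDomain, string $requestHost): bool
{
    // An empty Domain yields a host-only cookie, which is always accepted.
    if ($cookieDomain === '') {
        return true;
    }
    // Browsers ignore a leading dot and compare case-insensitively.
    $domain = strtolower(ltrim($cookieDomain, '.'));
    // Drop a port from the Host header value (IPv6 literals are not handled).
    $host = strtolower(preg_replace('/:\d+$/', '', $requestHost));

    if ($host === $domain) {
        return true;
    }
    // A suffix match is only valid for hostnames, never for IP addresses.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false;
    }
    // The suffix must begin on a label boundary.
    $suffix = '.' . $domain;
    return substr($host, -strlen($suffix)) === $suffix;
}

// Constructed sample inputs: [COOKIE_DOMAIN value, host the site is served from]
$cases = [
    ['localhost',   'localhost'],
    ['localhost',   'myapp.test'],       // the misconfiguration from this page
    ['myapp.test',  'www.myapp.test'],
    ['.myapp.test', 'myapp.test:8080'],
    ['app.test',    'myapp.test'],       // suffix not on a label boundary
    ['',            'myapp.test'],       // host-only cookie
];

foreach ($cases as [$domain, $host]) {
    $verdict = cookieDomainMatches($domain, $host) ? 'accepted' : 'dropped by the browser';
    printf("%-14s %-18s %s\n", var_export($domain, true), $host, $verdict);
}
```

Browsers additionally refuse a `Domain` that is a public suffix, which this check does not model.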