
I am developing a mobile application with Cordova. I am writing the backend with Laravel 10. I am using Laravel Sanctum for the token. I have written the login and user information retrieval API endpoints. I am testing the API endpoints in Postman. After logging in, I get a cookie called laravel_session and I use the token returned by Laravel as a bearer token. I send a request to the API endpoint to retrieve user information and, since my session is active, I can successfully retrieve user information with Auth::user(). However, when I do this with Cordova, I notice that every time I send a request to the Laravel side, the session id changes when I return Session::getId(). I see that the session id, the laravel_session value, appears on the cookie side, but the session id changes every time I send a request. What is the reason?

.env:

```
SESSION_DRIVER=database
SESSION_LIFETIME=120
```

Laravel UserController:

```php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class UserController extends Controller
{
    public function index(Request $request)
    {
        $session = $request->post('session');
        // Debug: returns the current session id; the code below is not reached while this line is present.
        return $request->session()->getId();
        $user = Auth::user();
        if ($user) {
            return response()->json([
                'status' => 'success',
                'data' => $user
            ]);
        } else {
            return response()->json([
                'status' => 'error',
                'message' => 'Unauthorized'
            ], 401);
        }
    }
}
```

Cordova App.js:

```javascript
$.ajax({
    url: 'http://localhost:5000/api/user',
    method: 'GET',
    headers: {
        'Authorization': 'Bearer ' + $token,
    },
    dataType: 'json',
    success: function(response) {
        console.log(response);
        // localStorage stores strings only, so serialize the user object
        localStorage.setItem("user", JSON.stringify(response.data));
        return response;
    },
    error: function(response) {
        console.log(response);
        app.views.main.router.navigate('/sign-in/', {reloadCurrent: true});
    }
});
```

Login returned token & session id: [screenshot]

Immediately afterwards, when I send a request to the API endpoint to pull user information, the session id changed: [screenshot]

But with Postman it's very different. We log in to the account: [screenshot]

And then when we send a request to the API endpoint to pull user information, we see that our session id has not changed. [screenshot]

I've searched all the similar threads on Stack Overflow, GitHub and Laracasts and tried all the solutions, but my problem still persists. Can you please help me?

alp
  • If this is a cross-origin request, then you need to set `withCredentials` to true in your AJAX request, otherwise credentials such as cookies will _not_ be sent. – CBroe Aug 25 '23 at 07:49
  • @CBroe yes I did this, now the session id is fixed. However, the session id returned in the login process and the session id returned at the api end of retrieving user information are different. – alp Aug 25 '23 at 08:12
  • I had the same problem, it was a browser extension (URLcleaner) that broke my session. Try in incognito mode to disable all extensions. – Daantje Aug 25 '23 at 08:19
  • @Daantje I tried that yes but the same problem persists. – alp Aug 25 '23 at 08:33
  • @CBroe When I make a login request, laravel_session is not created, I check it in the developer console. But when I make the second request, that is, to pull user information, a laravel_session cookie is created. Therefore, my session is invalid because the session id I logged in with and the session id saved in my browser afterwards are not equal. – alp Aug 25 '23 at 11:46
  • I also noticed that the session id changes with each request. I think it is a feature. – marius-ciclistu Aug 26 '23 at 23:12
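
The cookie behaviour raised in CBroe's comment, as an added example that is not part of the original thread: a toy model (hypothetical function names, constructed origin, a counter in place of random session ids) of a session server and a cross-origin browser client. It shows why the session id rotates when the cookie is never sent back, and why a credentialed response is only readable when the CORS headers name the exact origin.

```javascript
// Added example: toy model of a cookie-session server and a browser client.
// All function names are hypothetical; APP_ORIGIN is a constructed value.
const APP_ORIGIN = 'http://localhost:8000';

// Server: reuse the session named in the cookie, otherwise start a new one.
function makeServer(allowedOrigin) {
  const sessions = new Set();
  let n = 0; // counter stands in for a random session id
  return function handle(req) {
    const m = /(?:^|;\s*)laravel_session=([^;]+)/.exec(req.headers.cookie || '');
    let id = m && sessions.has(m[1]) ? m[1] : null;
    if (!id) { id = 'sess-' + (++n); sessions.add(id); }
    return {
      sessionId: id,
      headers: {
        'set-cookie': 'laravel_session=' + id,
        'access-control-allow-origin': allowedOrigin,
        'access-control-allow-credentials': 'true',
      },
    };
  };
}

// Browser: on a cross-origin call, cookies are sent and stored only when
// withCredentials is set, and a credentialed response is readable only if
// the server names the exact origin (not "*") and allows credentials.
function makeClient(origin, withCredentials) {
  let jar = '';
  return function request(server) {
    const headers = { origin };
    if (withCredentials && jar) headers.cookie = jar;
    const res = server({ headers });
    const acao = res.headers['access-control-allow-origin'];
    const readable = withCredentials
      ? acao === origin && res.headers['access-control-allow-credentials'] === 'true'
      : acao === origin || acao === '*';
    if (withCredentials) jar = res.headers['set-cookie'];
    return readable ? res.sessionId : null; // null: blocked by the CORS check
  };
}

// Make three requests and return the distinct session ids the page can see.
function observe(withCredentials, allowedOrigin = APP_ORIGIN) {
  const server = makeServer(allowedOrigin);
  const client = makeClient(APP_ORIGIN, withCredentials);
  return [...new Set([1, 2, 3].map(() => client(server)))];
}

console.log('without credentials:', observe(false));
console.log('with credentials:   ', observe(true));
console.log('wildcard origin:    ', observe(true, '*'));
```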
