Laravel
Creed1234, 2021-02-09 11:48:42

How is authentication implemented correctly?

I'm trying to implement authentication with and without the remember me function.

I implement it without the standard Auth::attempt($credentials, $remember) logic. If the user has checked the remember me checkbox, I create a cookie for a while and write its hash to the database.
On every route, through middleware, I check the cookie against the hash in the database entry.
If everything is OK, I let the request through.

If the user does not check remember me, how do I bypass the middleware's cookie check?

If, as an additional condition in the middleware, I add a check of whether the user is authorized:

    if (Auth::check()) {
        return $next($request);
    }

After closing the tab and reopening, the authorization lives with the session. If you enable deleting the session when the tab is closed, the remember me function through the cookie will stop working, because it will also be deleted.

Point me in the right direction.


1 answer(s)
Evgeny Startsev, 2021-02-09
@jey_val_star

Every time during routes, through middleware I check the identity of the cookie and the hash of the database entry.
If everything is ok, I skip it.

Umm, not quite correct. The cookie solution should only tell the server that the user has been authorized and needs to be re-authorized if the session is over... (the browser is closed)

- this user and creates a cookie
- the user left the site (closed the tab / browser), then returned
- the server looks: authorized? If not, maybe there is a cookie?
- there is a cookie: we authorize, that is, we create a new session
- if there is no cookie or it has already expired, then let the user log in again
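The flow described in the answer, written as a Laravel middleware. This is an added example, not code from either poster. The cookie name `remember_me`, the table `remember_tokens` with its columns, and the route name `login` are assumptions. A user who never ticked remember me simply has no cookie, so only the session check applies to them.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cookie;
use Illuminate\Support\Facades\DB;

class AuthenticateWithRememberCookie
{
    // Hypothetical names: cookie "remember_me" holds "<row id>|<random token>";
    // table "remember_tokens" has columns id, user_id, token_hash, expires_at.
    public function handle(Request $request, Closure $next)
    {
        // 1. A live session is enough; the cookie is not consulted at all.
        if (Auth::check()) {
            return $next($request);
        }

        // 2. No session: fall back to the remember-me cookie, if one was sent.
        $cookie = $request->cookie('remember_me');
        if (is_string($cookie) && substr_count($cookie, '|') === 1) {
            [$id, $token] = explode('|', $cookie);

            $row = DB::table('remember_tokens')
                ->where('id', $id)
                ->where('expires_at', '>', now())
                ->first();

            // Only the SHA-256 of the token is stored; compare in constant time.
            // 3. On a match, log the user in, which starts a new session.
            if ($row
                && hash_equals($row->token_hash, hash('sha256', $token))
                && Auth::loginUsingId($row->user_id)) {
                return $next($request);
            }

            // Unknown, expired or tampered cookie: tell the browser to drop it.
            Cookie::queue(Cookie::forget('remember_me'));
        }

        // 4. Neither a session nor a valid cookie: the user logs in again.
        return redirect()->route('login');
    }
}
```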
