Answer the question
In order to leave comments, you need to log in
Why is a page reload required to save a session?
Hello. All the same problems with authorization, but the question is already different, so I create it in a separate topic. So, the problem is:
I create an authorization form through AJAX - this is not a form in terms of HTML, it is not submitted by the "Submit" button, but AJAX makes some request to the server, the server, in turn, checks the correctness of the entered data, and if everything is entered correctly , invokes the user's authorization code:
$result = \Auth::attempt([
'username' => $login,
'password' => $password
], $remember);
if ($result) return redirect()->intended('/');
Answer the question
In order to leave comments, you need to log in
Each page refresh creates 2 Cookie records: "XSRF-TOKEN" and "laravel_session". With a normal AJAX authorization request, no more Cookies are created. When making an AJAX request and then redirecting the PHP script to any page, another Cookie entry appears in the browser. All entries are linked to the site's root directory ("/").
Moreover, after such a request, the page from which authorization was made receives a response to its POST request with the code "302" + some successful GET request from the address where the PHP script was redirected.
I don’t know how correct this is, but from all of the above, I conclude that the final redirect of the PHP script is needed to update the Cookie entry in the browser (I don’t know how yet), and hence the authorization confirmation. Without this entry in Cokie, the user could not be considered authorized, and a simple reload of the page in the browser allegedly "removed the authorization." Why the user was considered authorized in the same session - I don’t know yet either, perhaps information about him was somehow cached in variables on the server.
Solved the problem in the following way. Since after redirecting the PHP script on the server to the open page with the authorization form, a GET request was returned, I concluded that the page to which the redirect is going is still associated with our AJAX function. Therefore, I put the redirect in the PHP script on the page "/login/final/", where I wrote a single line:
As expected: this array was returned to the browser after the script was executed, and by the value of "update" of the "redirect" parameter, the browser updates the current page. Authorization works.
Thank you all for your help, the advice to "look into Cookies" put me on the right path.
/**
* Attempt to authenticate a user using the given credentials.
*
* @param array $credentials
* @param bool $remember
* @param bool $login
* @return bool
* @static
*/
public static function attempt($credentials = array(), $remember = false, $login = true){
return \Illuminate\Auth\Guard::attempt($credentials, $remember, $login);
}
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question