P
P
photosho2016-01-10 23:25:02
Laravel
photosho, 2016-01-10 23:25:02

Why is a page reload required to save a session?

Hello. All the same problems with authorization, but the question is already different, so I create it in a separate topic. So, the problem is:
I create an authorization form through AJAX - this is not a form in terms of HTML, it is not submitted by the "Submit" button, but AJAX makes some request to the server, the server, in turn, checks the correctness of the entered data, and if everything is entered correctly , invokes the user's authorization code:

$result = \Auth::attempt([
  'username' => $login,
  'password' => $password
], $remember);

And returns some result to the browser. As we have seen before , in this situation the server creates a session, but after reloading the page, the session is deleted for some reason.
Interestingly, if you call the redirect function after the above code, the session will be created correctly: You
if ($result) return redirect()->intended('/');
can redirect anywhere. There is just another problem. An AJAX request should return some result of its work to the browser so that, in case of a successful login, the browser reloads the page. If the script called by the browser is redirected to another page, then the browser does not receive a response, instead it receives a 302 redirect message in the called script.
If you catch this message (302) and refresh the page in the browser when it is received, then the page will refresh quickly, and the server will not have time to process the redirects in its script, as a result of which the screen will still have the same login button, and only after another reload page we will see the inscription "You are logged in".
I'm afraid to refresh the page in the browser with some delay, since this solution seems unstable - there may be situations when the server still does not have time to process the redirect before the browser refreshes the page.
As a result, the question is: what does the server do before it reboots, which allows it to save the session (why is it not saved by the "attempt" function,

Answer the question

In order to leave comments, you need to log in

2 answer(s)
P
photosho, 2016-01-11
@photosho

Each page refresh creates 2 Cookie records: "XSRF-TOKEN" and "laravel_session". With a normal AJAX authorization request, no more Cookies are created. When making an AJAX request and then redirecting the PHP script to any page, another Cookie entry appears in the browser. All entries are linked to the site's root directory ("/").
Moreover, after such a request, the page from which authorization was made receives a response to its POST request with the code "302" + some successful GET request from the address where the PHP script was redirected.
I don’t know how correct this is, but from all of the above, I conclude that the final redirect of the PHP script is needed to update the Cookie entry in the browser (I don’t know how yet), and hence the authorization confirmation. Without this entry in Cokie, the user could not be considered authorized, and a simple reload of the page in the browser allegedly "removed the authorization." Why the user was considered authorized in the same session - I don’t know yet either, perhaps information about him was somehow cached in variables on the server.
Solved the problem in the following way. Since after redirecting the PHP script on the server to the open page with the authorization form, a GET request was returned, I concluded that the page to which the redirect is going is still associated with our AJAX function. Therefore, I put the redirect in the PHP script on the page "/login/final/", where I wrote a single line:
As expected: this array was returned to the browser after the script was executed, and by the value of "update" of the "redirect" parameter, the browser updates the current page. Authorization works.
Thank you all for your help, the advice to "look into Cookies" put me on the right path.

E
Eugene, 2016-01-10
@Nc_Soft

/**
         * Attempt to authenticate a user using the given credentials.
         *
         * @param array $credentials
         * @param bool $remember
         * @param bool $login
         * @return bool 
         * @static 
         */
        public static function attempt($credentials = array(), $remember = false, $login = true){
            return \Illuminate\Auth\Guard::attempt($credentials, $remember, $login);
        }

Should authorize immediately, you have something with sessions / cookies

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question