1

I've been using the session in laravel to tie down unauthenticated users to quotes. But I'm running into an issue that I cannot get my head around and have a feeling it has something to do with the magic parts of Laravels back end.

Here is my code:

$session_id = session()->getId();

$booking = Booking::create([
    'trip_start_date' => $request->pickup_date,
    'trip_start_time' => $request->pickup_time,
    'token' => $session_id,
    'ip' => $request->ip(),
 ]);

 session()->put('at_token', $session_id);

But then when validating the tokens in middleware, the tokens are completely different.. as logged in my file:

AT_TOKEN       [pjIGjpuz0tRT0mjLTtdwgzTCDXrdwRCJssgJ1ukE]
BOOKING TOKEN  [3fcjAzdKTOv2IGy3Zw7skh2c9PqN9O9G98BVbAO0]

I see the token in the session looks like a session ID but the one from the DB seems to be unlike a session ID... any help would be greatly appreciated.

EDIT: Middleware... Although this is clearly working, the tokens do not match but when storing the session ID to the session and the DB, I use the same variable so how can they not be the same?!

//user not logged in, check session
                if (session()->has('at_token')) {
                    $token = session()->get('at_token');
                    if ($token == $booking->token) {
                        //user has the token, give them access
                        return $next($request);
                    }else{
                        Log::info("AT_TOKEN [$token] DOES NOT EQUAL THE BOOKING TOKEN [$booking->token]");
                    }
                }else{
                    Log::info('NO AT_TOKEN');
                }
Improve this question
3
  • 1
    Can you show the implementation of middleware? Commented Jul 23, 2019 at 12:22
  • Initially what we can say is that the session is not rightly configured or there must be a permission issue or something. Its acting weirdly because the session is not saved so everytime you call the session you get different token. Commented Jul 23, 2019 at 12:25
  • Middleware has been added @UjjwalNepal ... But I use the same variable when assigning the value to the session and the DB, so how can they be different? Commented Jul 23, 2019 at 12:38

1 Answer 1

Reset to default
1

The solution for your problem is here. https://laravel.com/docs/5.6/middleware#registering-middleware

also here https://laravel.com/docs/5.2/routing

The document states that by default the session is used inside middlewareGroups rather than middleware which is not assigned to the routes but rather assigned to web middleware. So the solution is to move the line 

\Illuminate\Session\Middleware\StartSession::class,

to 

protected $middleware = [
..........
\Illuminate\Session\Middleware\StartSession::class  
........
]

Now your session will persist.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

The session ID is taken and stored in a variable which is then stored in the session and in the DB on a booking model... The value of the session token is the same as the session ID, the one in the DB seems to be wrong? I am really confused with this one
Actually, just done some more checking, the DB value is correct... Will try your method and let you know how it goes
Thank you for your help, I was too sure that the session token was the correct version, rookie mistake!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.