2

I am using Laravel 8 with Fortify. Users on my site can make actions that create database records before logging in, associated by their session ID. Once they log in or register, I need to find the records by session ID and assign their user ID instead.

Being a newbie to Laravel, I don't know (and can't find any other relevant questions relating to Fortify) where to place the code to do this. Please can someone point me in the right direction?

Improve this question
2
  • what have you done so far? Commented Apr 15, 2021 at 15:49
  • I've installed Fortify and got the registration and login processes working Commented Apr 15, 2021 at 15:54

1 Answer 1

Reset to default
3
+50
  1. Use built-in Laravel authentications events

You could use the built-in laravel authentication events, and hook on the login or register one to do your own business. So you would need:

  • create a new Event listener for the Illuminate\Auth\Events\Registered or Illuminate\Auth\Events\Login event. This listener will handle your customs business. The Login event already sets the user as a parameter so it'll be available in your Listener. enter image description here
  • edit your EventServiceProvider to add your new listener configuration as per documentation
  • you then need your Session ID. If you cannot easily override the default Login event to add your custom parameter, you may need to create your own event for your listener. As it's not recommended to use Session or Request helpers from an event listener (see my notes below) (edited line after some research)
  • run composer dump-autoload && PHP artisan clear-compiled

2 - going with Fortify

As per documentation, you could use the Fortify::authenticateUsing method to override the login process. You could also "hook" to the registration process.

From here what you could do:

  • keep the authenticateUsing or register process as they are (or replicate the default behavior as you don't need to change the auth process provided by Fortify)
  • add to the one you want (login success or register success), a new Laravel event that will be triggered only on successful login and/or successful register
  • you can then handle your custom queries from the event listener. Your event can receive the corresponding user, and the session parameter from the $request parameter in Fortify::authenticateUsing, or request(), or Session helpers.

Note: you may need to send the full session ID as event parameter, to make it available in your listener.

If you use queued events, and your driver is not sync. And so, you have another server listening and executing your queued jobs/events, or a CRON, or supervisor. In these kinds of cases, the Laravel Session helpers on your "task server" or "listener" may not work as expected. As it's another PHP process that's running the listener business, not the one from the user.

So the "frontend" server handling the user request must add to the dispatched Event all the required data (builtin Login event already has the user as a parameter), that the "task server" cannot get from the database (User can be retrieved from DB (see documentation about Event parameters injection and Serialized model), Session params cannot as they are "user session" specific).

I don't know if you'll be able to override the Login event to add your session parameter, but I think it'll be easy to google about Laravel Login custom events. Those are not required if you don't queue your job, and so they are executed synchronously by the same PHP process and server.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

Thank you for your help. I ended up going down the Event listener route and that turned out to be very simple. In fact, I only needed to create a listener for the Login event as this is also called upon successful registration.
Exactly. Have you thought about how will you send the session parameter you need to your listener?
As the listener is not queued I have access to the session. What I did notice, however, was that the session ID (retrieved using Session::getId()) changed after the user was logged in for some reason. I worked around this by generating a unique ID when storing data pre-authentication, and using that to link records post-authentication.
Great, glad you worked it out. Remember to update if someday you start using queued events.
Careful: you should never edit the vendors file, as your edits will be deleted on next composer install or update. Are you sure that even if the session_id is changed on login, that the data stored in session are also lost? If not you could store something in session to match it later. Or you can also use a Cookie that the user will send back on every request.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.