
I'm trying to authenticate a request sent from the front end from another domain. I tried to set the 'Cookie' header with the cookie value, but it was blocked by the browser, so I did the following:

headers: {
    'Authorization': 'Bearer ' + sessionStorage.getItem('Cookie'),
}

My plan now is to create a middleware, and I'm familiar with the method

$request->bearerToken() 

but I'm not sure how to use the cookie I got to authenticate the request. I'm using Laravel 11.

  • Not sure what you are asking here. It sounds to me like you're trying to send cookies through the Authorization header, which is a bit odd (and probably won't work). Commented May 25, 2024 at 7:17
  • The value stored is the actual session cookie of the user, and I have no issues renaming the header. I don't know if Laravel has a custom header field like X-LARAVEL-COOKIE or whatever that may trigger the authentication, but what I want to achieve is to identify the user based on the value of that header (which is the actual cookie). Commented May 25, 2024 at 7:21
  • It's hard to understand. Where does the cookie come from? How was it stored into the sessionStorage? Commented May 25, 2024 at 7:34
  • I'm maintaining legacy code. The user is redirected to another domain, and there the JS code does this: sessionStorage.setItem('Cookie', document.cookie); later on in the flow, the JS code makes a request to the server. Once it was self-hosted, so the request was authenticated; however, now it's on another domain, but I can still pass the cookie value. I hope it helps to clarify. Commented May 25, 2024 at 7:48
  • If the user is redirected to another domain, then the cookie is not accessible anymore. document.cookie gives only the cookies associated with the current domain. Commented May 25, 2024 at 8:06

1 Answer


Since I already had the cookie, I modified the client code like this:

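$.ajax({
    type: 'POST',
    url: _apiUrl,
    data: JSON.stringify(new _Model(packageName)),
    success: _receive,
    // Retry the same package after one second on failure.
    error: function () {
        setTimeout(function () { _send(packageName); }, 1000);
    },
    contentType: 'application/json',
    // Ask the browser to attach cookies to this cross-origin request.
    xhrFields: {
        withCredentials: true
    }
});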

The withCredentials flag then sets the Cookie header on the request, allowing Laravel's auth mechanism to validate this request.


1 Comment

It would be nice and more ideal if you use middleware.
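The withCredentials approach in the answer above only works if the API's responses satisfy the browser's rules for credentialed cross-origin requests and the session cookie is allowed on cross-site requests. The following is an added example, not part of the original answer, that checks both; the function names are hypothetical and all origins, headers and cookie strings passed to it are assumed to be supplied by whoever is auditing the API.

```javascript
// Added example. Function names are hypothetical; inputs are supplied by the auditor.

// Lower-case header names so lookups are case-insensitive.
function normalize(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

// Problems that make a browser reject a response to a withCredentials request.
function checkCredentialedCors(pageOrigin, responseHeaders) {
  const h = normalize(responseHeaders);
  const problems = [];
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) problems.push('no Access-Control-Allow-Origin');
  else if (allowOrigin === '*') problems.push('wildcard origin not allowed with credentials');
  else if (allowOrigin !== pageOrigin) problems.push('allowed origin does not match page origin');
  // Must be the exact, case-sensitive string "true".
  if (h['access-control-allow-credentials'] !== 'true') problems.push('Access-Control-Allow-Credentials is not "true"');
  return problems;
}

// The JSON POST is preflighted: the OPTIONS response must pass the same checks
// and list Content-Type explicitly ("*" is not a wildcard when credentials are sent).
function checkPreflight(pageOrigin, responseHeaders, requestHeaders) {
  const problems = checkCredentialedCors(pageOrigin, responseHeaders);
  const allowed = (normalize(responseHeaders)['access-control-allow-headers'] || '')
    .split(',').map(s => s.trim().toLowerCase());
  for (const name of requestHeaders) {
    if (!allowed.includes(name.toLowerCase())) problems.push('header not allowed: ' + name);
  }
  return problems;
}

// A cross-site request only carries cookies set with SameSite=None and Secure.
function cookieSentCrossSite(setCookie) {
  const attrs = setCookie.split(';').slice(1).map(a => a.trim().toLowerCase());
  return attrs.includes('samesite=none') && attrs.includes('secure');
}
```

Feed it the headers from the OPTIONS and POST responses and the Set-Cookie line seen in the browser's network panel; an empty problem list plus `true` from `cookieSentCrossSite` means the browser will attach the session cookie and expose the response.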
