5

I'm having problems with Auth::check() in subdomain via ajax requests.. Scenario: 2 subdomains

www.testing.dev api.testing.dev

Single login/session between those two.. in the laravel config/session.php i have set 'domain' => ".testing.dev", and everything is working fine, i'm able to login in one page and continue to be logged in the other page also!

But when i use ajax there is a problem.. scenario: being in the api.testing.dev, i perform with firebug, js, whatever

$.ajax({ url: 'http://api.testing.dev/who', type: 'GET', cache: false });

the api.stesting.dev/who returns:

public function getWho(){ return var_dump( Auth::user() ); }

The response is the information of my account! all correct..

if from the www.testing.dev i perform the same ajax query, i get Auth::check() returning null. Though i get normal response, so no problem with cross domain setup.. here are my headers in in the route for the api.testing.dev

header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT, DELETE'); header('Access-Control-Allow-Headers: *'); header('Access-Control-Allow-Credentials: true'); header('Access-Control-Allow-Credentials: true');

The website is running in localhost with wamp.

Edit: with the default session driver 'driver' => 'file', after the initial login, in the app/storage/sessions there is one file. And if i go from one subdomain to another, no other files are generated. Though when i preform a CORS ajax, every time a new file is generated...

Improve this question
4
  • 1
    Experiencing exactly the same issue here. Commented Aug 12, 2014 at 20:07
  • Quick question, how you set up the domain of your cookies? Commented Sep 18, 2014 at 16:55
  • 1
    in the app/config/session.php file, set the 'domain' appropriately. (for a multi sub-domain site set it to ".site.com") Commented Sep 19, 2014 at 17:35
  • Same here! With Laravel 5.0 Commented Apr 10, 2015 at 17:25

1 Answer 1

Reset to default
1

Seeing your configuration, maybe you have the same problem that I had. I wasn't using Auth, but sessions and got null everytime. I solved it by changing this:

header('Access-Control-Allow-Origin: *'); ... header('Access-Control-Allow-Credentials: true');

to this:

header('Access-Control-Allow-Origin: http://localhost:9000'); ... header('Access-Control-Allow-Credentials: true');

The reason that I found is that when you use the credentials it needs to specify the origin for security purposes, and for the AJAX request it needs to specify the credentials, too. I use Angular and I did this with $httpProvider.defaults.withCredentials=true;, but I really don't know the corresponding instruction for jQuery, but I hope you can find it.

Check the headers of the request and responses with your favourite debugger (Firebug for me). They should have a cookie attribute (it contains something with "laravel", "token", etc.) that the second time should be equal to the first response header.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.