cesargb / laravel-magiclink

Create link for authenticate in Laravel without password or get private content
MIT License

Set path in cookie #41

Closed danielbehrendt closed 2 years ago

danielbehrendt commented 3 years ago

I think it would be better to set the "path" in cookie to the current path of the request instead of setting it only to "/"

```php
cookie(
    'magic-link-access-code',
    encrypt($request->get('access-code')),
    0,
    $request->getPathInfo()
)
```

otherwise all MagicLinks with the same access code will be visible if this was entered already on another link.

cesargb commented 3 years ago

In that case, the cookie stored in the browser would expose the URL that allows the action. A possible solution would be to encrypt this data together with the access code in the cookie value.

danielbehrendt commented 3 years ago

Yes, you're right. But your suggestion sounds like a good solution.

danielbehrendt commented 3 years ago

@cesargb Do you have any plans to integrate this and do a new release?

cesargb commented 3 years ago

@danielbehrendt if you want, you can send a PR
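
The approach suggested in the thread, binding the access code to one link inside the encrypted cookie value so the cookie path can stay "/", sketched as an added example that is not code from laravel-magiclink or from either commenter. It assumes PHP's bundled sodium extension in place of Laravel's `encrypt()`, and the function names and the `link-A`/`link-B` identifiers are hypothetical.

```php
<?php
// Added example, not laravel-magiclink code. Function names are hypothetical.
declare(strict_types=1);

/** Seal the access code together with the identifier of the link it was entered for. */
function sealAccessCookie(string $key, string $linkId, string $accessCode): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = json_encode(['link' => $linkId, 'code' => $accessCode], JSON_THROW_ON_ERROR);
    // Authenticated encryption: the link identifier is neither readable nor editable client-side.
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

/** Return the access code only if the cookie was issued for this link, otherwise null. */
function openAccessCookie(string $key, string $linkId, string $cookie): ?string
{
    $raw = base64_decode($cookie, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null; // not a value this code produced
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        return null; // tampered value or wrong key
    }
    $data = json_decode($plain, true);
    if (!is_array($data) || !is_string($data['link'] ?? null) || !is_string($data['code'] ?? null)) {
        return null;
    }
    // A cookie set while visiting another link is ignored, even if both links share the code.
    return hash_equals($data['link'], $linkId) ? $data['code'] : null;
}

// Constructed sample data: one key, one cookie issued for link-A.
$key    = sodium_crypto_secretbox_keygen();
$cookie = sealAccessCookie($key, 'link-A', '1234');

// The cookie is honoured on the link it was issued for and ignored on any other link.
var_dump(openAccessCookie($key, 'link-A', $cookie));
var_dump(openAccessCookie($key, 'link-B', $cookie));
```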