k2so-dev / laravel-nuxt

Laravel and Nuxt.js boilerplate designed for development with maximum API performance, ready-made authorization methods, image uploading with optimization, user roles, device management
MIT License

Loss user context with SSR in production #10

Closed jerryklimcik closed 2 months ago

jerryklimcik commented 2 months ago

Hi, first of all, thank you very much for your work, I appreciate it.

Unfortunately, when I log in and refresh the page, the cookie is removed and I lose the user context, so I'm like logged out. If I disable SSR everything works fine. This only happens in production, I can't replicate it locally. I've also noticed that this is a fairly common problem, but unfortunately I can't get past it.

I'm using Laravel Forge for deployment and I have two sites, backend (api.domain.com) and frontend (domain.com). I'm pretty sure there's some configuration issue but I can't find where it is. For some reason Forge removes the `.env` content for the frontend, so I had to replace it with specific values. I'll get into why this is happening later. I'm not using Octane.

In nuxt.config.ts I have:

```ts
  runtimeConfig: {
    apiLocal: 'https://api.domain.com',
    public: {
      apiBase: 'https://api.domain.com',
      apiPrefix: '/api/v1',
      storageBase: 'https://api.domain.com/storage/',
      providers: {
        google: {
          name: "Google",
          icon: "",
          color: "gray",
        },
      },
    },
  },
```

And in .env:

```env
APP_URL="https://api.domain.com"
API_LOCAL_URL=https://api.domain.com
FRONTEND_URL=https://domain.com
HOST=https://domain.com
PORT=443
SESSION_DOMAIN=.domain.com
```

Do you have any idea what might be causing this? 🙏

k2so-dev commented 2 months ago

@jerryklimcik Hi, thanks for the feedback.

I think there is a problem with the API_LOCAL_URL variable - in fact, it should be a variable with the Laravel IP and port. It is needed so that the Nuxt backend (with SSR mode enabled) accesses the host by a local address, and not by an external one. Most likely, you need to specify the local address of the Laravel container in API_LOCAL_URL.

This is how it should work: When requesting the Laravel backend, Nuxt passes the user's real IP address in a separate "x-forwarded-for" header (here ./nuxt/app/plugins/app.ts). In Laravel, the IP address in the request is defined as local, so there is a trust proxies configuration in the file: "./bootstrap/app.php", which allows you to use the IP address from the header instead of the local IP address.
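A simplified model of the trusted-proxy check described in the comment above, added here as an illustration; it is not code from laravel-nuxt, Nuxt or Laravel. The function names, the IPv4-only handling and every address and range are assumptions constructed for the example.

```javascript
// Added illustration: simplified, IPv4-only model of a trusted-proxy check.
// All addresses and ranges are constructed sample values.

// Dotted IPv4 -> unsigned integer, or null when malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).trim().split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip lies inside one of the CIDR ranges, e.g. "10.0.0.0/8".
function inCidrs(ip, cidrs) {
  const addr = ipv4ToInt(ip);
  if (addr === null) return false;
  return cidrs.some((cidr) => {
    const [base, bits = '32'] = cidr.split('/');
    const baseInt = ipv4ToInt(base);
    if (baseInt === null) return false;
    const size = 2 ** (32 - Number(bits));
    const start = Math.floor(baseInt / size) * size;
    return addr >= start && addr < start + size;
  });
}

// The header is honoured only when the direct peer is a trusted proxy; the
// chain is then read right to left and the first untrusted hop is the client.
function resolveClientIp(remoteAddr, xForwardedFor, trustedCidrs) {
  if (!inCidrs(remoteAddr, trustedCidrs)) return remoteAddr;
  const chain = (xForwardedFor || '').split(',').map((s) => s.trim()).filter(Boolean);
  for (let i = chain.length - 1; i >= 0; i--) {
    if (ipv4ToInt(chain[i]) === null) break; // malformed entry: fall back to the peer
    if (!inCidrs(chain[i], trustedCidrs)) return chain[i];
  }
  return remoteAddr;
}

const trusted = ['10.0.0.0/8']; // assumed private range of the Nuxt SSR host
// SSR request: peer is the Nuxt server, header carries the browser's address.
console.log(resolveClientIp('10.0.0.5', '203.0.113.7', trusted));
// Direct external request with a forged header: the header is ignored.
console.log(resolveClientIp('198.51.100.9', '127.0.0.1', trusted));
```

Keeping the trusted range as narrow as the SSR host's own address is what stops a request that reaches Laravel directly from choosing its own logged IP.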

jerryklimcik commented 2 months ago

@k2so-dev I tried to use a private IP but I had no luck. The thing is that the cookie is removed when I refresh the page, so there's no backend request. And I didn't find why a cookie is deleted and where :suspect:

k2so-dev commented 2 months ago

@jerryklimcik Make sure that in the .env file `AUTH_GUARD=api`. Make sure that the `guard_name` column in the `roles` table has a value of `api`. If it does not, re-migrate or change the value in the table to `api`.

Try clearing the cache and re-caching with the commands:

```bash
php artisan optimize:clear
php artisan optimize
```

I don't know what else the problem could be. Unfortunately, I have no experience working with the Laravel Forge service.

jerryklimcik commented 2 months ago

Still nothing, I guess there will be a Forge setting so I'll try to find out. Anyway, thanks for your time, I close this thread 👍