laravel / sanctum

Laravel Sanctum provides a featherweight authentication system for SPAs and simple APIs.
https://laravel.com/docs/sanctum
MIT License

Local development cannot login #159

Closed jjba23 closed 4 years ago

jjba23 commented 4 years ago

Steps To Reproduce:

Update to 2.4 and use the following configuration:

COOKIE_SAME_SITE_POLICY=strict
SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost
SESSION_DRIVER=cookie
SESSION_LIFETIME=120
SESSION_SECURE_COOKIE=false

jjba23 commented 4 years ago

To be more clear, the login request does return a session cookie, but the browser does not save it for some reason. I have tried all settings.

fdalcin commented 4 years ago

@averageflow are you running with php artisan serve?

If so, it runs on port 8000 by default. Changing your .env to: SANCTUM_STATEFUL_DOMAINS=localhost:8000 should work.

See PR #155

jjba23 commented 4 years ago

@fdalcin thanks for the reply. Yes indeed, I run artisan serve; will be experimenting tomorrow with that! Awesome

fdalcin commented 4 years ago

Then you'll have to add both as follows: SANCTUM_STATEFUL_DOMAINS=localhost:3000,localhost:8000.

jjba23 commented 4 years ago

By the way, my frontend runs separately from Laravel, as a standalone on port 3000. Arguably this is a breaking change and one that is totally not documented, and thus the tag should be renamed to 3.0 @taylorotwell @fdalcin @RahulDey12

RahulDey12 commented 4 years ago

@averageflow see the issue was coming before #150

peric0 commented 4 years ago

I have the same problem after the update. I updated the env to SANCTUM_STATEFUL_DOMAINS=localhost:8000 but the problem continues: "http://localhost:8000/api/login 500 (Internal Server Error)"

RahulDey12 commented 4 years ago

@peric0 SANCTUM_STATEFUL_DOMAINS=127.0.0.1:8000 if you are using the Laravel development server.

jjba23 commented 4 years ago

@peric0 @RahulDey12 The fix for me was to use SANCTUM_STATEFUL_DOMAINS=localhost:3000 since that is where my frontend is hosted. I have Laravel API running on port 8001 and frontend on 3000. This works for me now, full config:

COOKIE_SAME_SITE_POLICY=strict
SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost:3000
SESSION_DRIVER=cookie
SESSION_LIFETIME=120
SESSION_SECURE_COOKIE=false

jjba23 commented 4 years ago

We should definitely document this on the Laravel website. It is too much of a breaking change. Thanks for the help too!

RahulDey12 commented 4 years ago

@averageflow I will try to PR on docs

driesvints commented 4 years ago

I'm a bit torn between this being a breaking change or a documentation issue. Gonna try to get @taylorotwell to help look into this.

peric0 commented 4 years ago

My application is a SPA running at http://localhost:8080 and the Laravel application at localhost:8000. The problem was solved with the following parameters in env.

SANCTUM_STATEFUL_DOMAINS=localhost:8080
SESSION_DOMAIN=localhost

According to what @RahulDey12 #149 mentioned, the guard should be "sanctum" but that did not work for me; I use "web". I don't know if it is the right thing?

Thank you very much to all.

@averageflow @RahulDey12

driesvints commented 4 years ago

We've decided that we won't be reverting the PR that caused this because that would re-introduce https://github.com/laravel/sanctum/issues/150. We think it's probably best that you include the port anyway and that it was never really intended to work without it. We'll update the docs for this.

RahulDey12 commented 4 years ago

> My application is a SPA running at http://localhost:8080 and the Laravel application at localhost:8000. The problem was solved with the following parameters in env.
>
> SANCTUM_STATEFUL_DOMAINS=localhost:8080
> SESSION_DOMAIN=localhost
>
> According to what @RahulDey12 #149 mentioned, the guard should be "sanctum" but that did not work for me; I use "web". I don't know if it is the right thing?
>
> Thank you very much to all.
>
> @averageflow @RahulDey12

I said that for login with an API token, not for the stateful requests. If you wanna use both, you can use it like this: auth:web,sanctum

jjba23 commented 4 years ago

I agree, specifying the port is better and makes more sense, but it should in fact be documented.

driesvints commented 4 years ago

It's documented now: https://github.com/laravel/docs/pull/6105

ianrussel commented 4 years ago

> Then you'll have to add both as follows: SANCTUM_STATEFUL_DOMAINS=localhost:3000,localhost:8000.

SESSION_DOMAIN=localhost // works for me
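
Added example, not part of the thread and not Sanctum's own code: a small PHP check of the behaviour the participants describe, for testing a SANCTUM_STATEFUL_DOMAINS value against the SPA's origin before deploying it. It assumes that a request is treated as stateful only when the host and port of its Origin or Referer header equal one of the comma-separated entries; the function names are hypothetical.

```php
<?php
// Added example. Assumption (taken from the thread): since 2.4 the port is part
// of the comparison, so an entry must equal the frontend's host[:port].

// Split the env value into normalized entries, dropping empty ones.
function parseStatefulDomains(string $envValue): array
{
    $entries = array_map(fn ($e) => strtolower(trim($e)), explode(',', $envValue));
    return array_values(array_filter($entries, fn ($e) => $e !== ''));
}

// Reduce an Origin or Referer header to "host" or "host:port".
function originAuthority(string $header): ?string
{
    $parts = parse_url($header);
    if ($parts === false || empty($parts['host'])) {
        return null; // malformed or relative value: never stateful
    }
    $host = strtolower($parts['host']);
    return isset($parts['port']) ? "{$host}:{$parts['port']}" : $host;
}

// True when the frontend origin is listed, port included.
function isStateful(string $header, string $envValue): bool
{
    $authority = originAuthority($header);
    return $authority !== null
        && in_array($authority, parseStatefulDomains($envValue), true);
}

// Constructed sample: SPA on port 3000, API on port 8001, as in the thread.
$origin = 'http://localhost:3000';
$candidates = [
    'localhost',                      // pre-2.4 style value, no port
    'localhost:8001',                 // the API's port, not the SPA's
    'localhost:3000',                 // the SPA's origin
    'localhost:3000,localhost:8000',  // several frontends
];
foreach ($candidates as $value) {
    printf("%-32s %s\n", $value, isStateful($origin, $value) ? 'stateful' : 'not stateful');
}
```

Under that assumption only the two values that name the SPA's own host and port match; the entry describes where the browser loads the frontend from, not where the API listens.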