search

nuxt-modules / strapi

Strapi Module for Nuxt
https://strapi.nuxtjs.org
MIT License
640 stars 81 forks source link

Strapi Login logout after page refresh #138

Closed tobias-srf closed 11 months ago

tobias-srf commented 3 years ago

I am having trouble keeping $strapi.user persistent. I can login fine and cookies and local storage is also set, but upon a page request the user gets logged out straight away.

Is this expected behaviour?

I have tried following:

  strapi: {
    url: "http://localhost:8086",
    key: 'authi_jwt',
    expires: '1d',  
    cookie: {}
  },

To keep the session from expiring ...

benjamincanac commented 3 years ago

Hey @tobias-srf,

The user might be getting logged out when the GET /users/me call fails.

Otherwise, could you provide a reproduction link?

kainio commented 3 years ago

I have the same problem and i am getting 403 with GET /users/mewhen checking for $strapi.user

tobias-srf commented 3 years ago

Hi @benjamincanac I currently don't have any reproduction link, just running localhost. However, I am also using nuxt-i18n and I have noticed that it creates more than one cookie for different urls.

Could this be the issue? When is the GET /users/me called?

grafik

benjamincanac commented 3 years ago

@tobias-srf Have you tried forcing the cookie path?

strapi: {
    expires: '30d',
    cookie: {
      path: '/'
    }
}
benjamincanac commented 3 years ago

@kainio You might need to set authorizations for /users/me route in your Strapi API.

tobias-srf commented 3 years ago

@tobias-srf Have you tried forcing the cookie path?

strapi: {
    expires: '30d',
    cookie: {
      path: '/'
    }
}

Ok that is much better, only one cooke now. Login problem is, however, still prevailing, but now the cookie is deleted...

kainio commented 3 years ago

@benjamincanac my bad, i created an new role but forgot to add 'User.me'. thanks

tobias-srf commented 3 years ago

@benjamincanac I am doing SSR and following code will tell me that I am logged out on a page refresh, so the issue still prevails!

export const actions = {
  nuxtServerInit(vc, context) {
    console.log("### nuxtServerInit ###")

    if (context.$strapi.user) {
      console.log(context.$strapi.user.username)
    } else {
      console.log("ok not logged in INIT!")
    }
    ...
tobias-srf commented 3 years ago

Your wrote: The user might be getting logged out when the GET /users/me call fails. @benjamincanac how can I debug that?

I see no such request being sent to any /user/me endpoint ever ...

benjamincanac commented 3 years ago

@tobias-srf Could you share the code you're using to login your users?

tobias-srf commented 3 years ago

@benjamincanac nothing spectacular here ...

<template>
  <div class="w-4/5 mx-auto md:w-1/2 text-center my-12">
    <div v-show="error !== ''" class="p-3 border">
      <p>{{ error }}</p>
    </div>
    <h1 class="font-bold text-2xl md:text-4xl mt-5">Login</h1>
    <form @submit="loginUser">
      <div>
        <input
          v-model="identifier"
          class="p-3 my-5 border w-full"
          type="email"
          placeholder="email"
        />
      </div>
      <div>
        <input
          v-model="password"
          class="p-3 my-5 border w-full"
          type="password"
          placeholder="password"
        />
      </div>
      <div>
        <button
          :disabled="identifier === '' || password === ''"
          class="button--green"
          type="submit"
        >
          Login
        </button>
      </div>
    </form>
  </div>
</template>
<script>
export default {
  data() {
    return {
      identifier: '',
      password: '',
      error: '',
    }
  },
  methods: {
    async loginUser(e) {
      e.preventDefault()
      try {
        const user = await this.$strapi.login({
          identifier: this.identifier,
          password: this.password,
        })
        console.log(user)
        if (user !== null) {
          this.error = ''
          this.$nuxt.$router.push(this.localePath('auth-profile'))
        }
      } catch (error) {
        this.error = 'Error in login credentials'
      }
    },
  }
}
</script>
benjamincanac commented 3 years ago

Once you've logged in, your getting disconnected upon refresh? At this moment, don't you see a GET /users/me route getting called in your Strapi API?

Also, have you tried not to override the cookie key (strapi.key)? Maybe the issue lives there.

tobias-srf commented 3 years ago

I have removed the overwriting of strapi.key and logged in twice.

my node console shows a POST /auth/local but not more ... grafik

tobias-srf commented 3 years ago

I log in and get a perfect redirect to my profile page (as in login code above). Username is shown etc ... if I browser refresh the profile page (F5 or browser refresh arrow icon) the cookie disappears and I am being redirected to /home which the middleware does when I am trying to see a guarded page and not being logged in ...

tobias-srf commented 3 years ago

@benjamincanac I think I found the issue. I am using docker and run nuxt and strapi on the same instance. I have a port forwarding set aside for either application. If I tell nuxt to use the port forwarded port for strapi I get the issue.

If I use the internal url via nuxt 127.0.0.1:1337 I get the /user/me GET call and everything is fine and the user stays logged in!

So it looks like it is a partial network issue ....

benjamincanac commented 3 years ago

Glad you found the source of your problem, unfortunately I might not be able to help you on this.

Feel free to open a pull request on the documentation explaining this.

tobias-srf commented 3 years ago

I guess the issue is that the strapi module does not respect the strapi { url: 0.0.0.0:<port> } settings all the way and gets bogged down when doing authentication requests, but they never reach the strapi endpoint ... So there might be stil a bug ...

pixelscript-io commented 3 years ago

@tobias-srf I fixed this issue by completely clearing the application cache (I was using Google Chrome) and modifying my options object to the following:

strapi: {
  url: 'https://strapi.mydomain.net',
  key: 'authToken',
  expires: '7d',
  cookie: {
    sameSite: true,
    path: '/'
  }
}

Upon inspecting my Network tab when it would redirect me to /login and display I wasn't logged in, I found some duplicate cookies which I'm assuming is what was causing the issue. I hope this helps!

adhamfarrag commented 2 years ago

I applied the same but it still doesn't work for me. @pixelscript-io does the same issue still happen with you after anytime soon ?

LucaMargadant commented 1 year ago

@benjamincanac I think I found the issue. I am using docker and run nuxt and strapi on the same instance. I have a port forwarding set aside for either application. If I tell nuxt to use the port forwarded port for strapi I get the issue.

If I use the internal url via nuxt 127.0.0.1:1337 I get the /user/me GET call and everything is fine and the user stays logged in!

So it looks like it is a partial network issue ....

Thank you! For me this worked. Setting an url to the strapi module fixed the issue. While local development the call to strapi was over localhost. Changing strapi's url in nuxt config to http://127.0.0.1:1337 fixed it.

expires: '30d', url: http://127.0.0.1:1337, cookie: { path: '/', },