search

skn-036 / cms-role-permission-laravel-vue-spa

This repository uses PHP Laravel and Javascript Vue.js frameworks to implement Role Permissions management in CMS. Cookie based SPA authorization feature of Laravel Sanctum package is used to authorize the user inside the content management system. If a logged user has permission to do specific task, the link to visit the task and the page containing the task will be available to the logged user. Otherwise the page will be unavailable to the logged user with 401 unauthorized error even though try to access the route manually. This repo utilizes the SPA feature of Vue.js.
27 stars 15 forks source link

Unauthenticated when long job running #27

Closed shinnlu closed 1 month ago

shinnlu commented 2 months ago

Hi, The error occurred when i was running jobs for a long time, Unauthenticated usually happened. the problem was in AuthController->verify() function, Auth::id() returns empty when job running.

I open another browser when the job is running, CSRF token mismatch happened randomly.

skn-036 commented 2 months ago

Hi The issue is not not connected to this repo, rather than it is a issue with the laravel itself.

Laravel processes the jobs in another process rather than whether the server is running. So it is not possible to get authenticated user inside a job. If you need to access the authenticated user inside a job, you need to pass it to the constructor of the job class.

For the csrf token issue, it meant to protect your browser session. It won't protect sessions of the other browser. I think, the issue has nothing to do with this repo.

Hope this clarify the issues. Thanks

shinnlu commented 2 months ago

Thanks for the reply, i didn't mean to access authenticated user in job. when I dispatch a long run job to background (with QUEUE_CONNECTION=database), the frontend gets Unauthenticated frequently.

skn-036 commented 2 months ago

Thanks for the added info. Are you locking the users table while processing on the background? Because on the frontend when route changes, it sends a http request to sync auth user using AuthController@verify method. As it is returning null, Please have a look on the background process logic and make sure that user table is not locked and laravel authentication logic works as expected during the job processing.

In general, using database queue_connection for job processing is not a good idea because of the database transactions and dead locks. Firstly you can try with after_commit: true on the database queue config. If not solved, you should test with using something like redis. you may look into the following: https://laravel.com/docs/11.x/queues#jobs-and-database-transactions https://github.com/laravel/framework/issues/31660

I am pretty sure, this problem is not related to this repo.

shinnlu commented 2 months ago

The dispatched job was not related with users table, it's fetch data from Api and write to database with no transaction. and the route didn't change, the error occurs while i load next page from pagination. I have changed queue_connection to redis and with after_commit: true, still same issue. I have checked the request header from chrome inspect, there are the same with success and failed request, error occurs randomly.

skn-036 commented 1 month ago

Hi Please reproduce and share the usecase if possible. Without the exact usecase, I am not able to resolve the issue.

skn-036 commented 1 month ago

As no activities on this issue. Closing this.