问题
I'm building a site with a dynamic subdomain system eg (name.domain.com). I'm using Ubuntu with laravel's serve command.
ive set it all up in my routes as so:
Route::domain('{x}.localhost')->group(function (){
Route::get('/url/', 'SomeController@someAction')->middleware('can:xyz,x')->name('someName');
});
Now, everything works great, apart from the fact Auth is subdomain locked
eg(xyz.localhost:8000/ , localhost:8000/) require separate logins.
after a bit of googling I read, I can overwrite this in the config/session.php file under 'domain'. So in my .env file I set up a new var for SESSION_DOMAIN and point it to ".localhost" or ".localhost:800" or just for testing I get the same with the IP 127.0.0.1 / :8000 as suggested however when I try to login my session is not valid right after login eg( i log in and get redirected to the correct route but my auth catches that I'm not logged in)
session config
'domain' => env('SESSION_DOMAIN', null),
my .env
SESSION_DOMAIN=.localhost
It seems like no cookies are being set for some reason?
Should probably note this is happening using both files and the database for sessions, I've also cleared out my cache and session storage each time along with cookies, etc.
-- I've tried everything I can think of over the last few days to solve this with no luck. Even on a fresh install of laravel the same issue is there.
I can log in with FF on the main URL, but on the sub URL I'm not logged in and I get a 419 if I try.
Any suggestions? Kind regards, Matt
-Edit
To reproduce on a new install of laravel, first, install the auth package:
composer require laravel/ui
php artisan ui vue --auth
npm run dev
Next, edit your .env file with your Mysql database info and add this line to the file:
SESSION_DOMAIN=.localhost
Last of all add this to your web.php routes file.
Route::domain('{foobar}.localhost')->group(function (){
Route::get('/test/', 'HomeController@index');
});
(i like to create an account here in the command line) Then push the default migrations and run the server and test by logging in on the home page and then any subdomain.
回答1:
Well its because of the localhost domain, instead use virtual domain like something.test and then set SESSION_DOMAIN=.something.test and clear out cache. localhost and 127.0.0.1 are not same origin so cannot set session.
回答2:
For your information, There is a cookies and session storage to persist the session and laravel also supports persisting the session in the database. session cookies have the domain to which it is accessible, so you need to configure the session.php file to adopt subdomains. single Auth is not working across all your subdomains because you haven't configured it well. Here is how you can do it.
You'll need to update the session configuration to persist the session in domain-wide including subdomains. Follow the steps given below.
Setup the virtual host first to use in the application. Then after you can use the virtual host for subdomains as well. For now you are using the
localhostwhich is not the domain at all. It's a loopback address in TCP/IP model. See rfc2606 definition.Go to
config/session.phpand update thedomainwith prefix.asconfig => '.your-domain.com'.Then clear your application cache, Open the Chrome DevTool and Go to Application > Application > Clear Storage. You'll need to clear out the previous cookies also.
run artisan command
php artisan config:cacheorphp artisan config:clearto drop previously cached laravel application configs.
If you are using database as the session driver, You need to create a session table for that. run command php artisan session:table to generate the session table migration and then migrate it using php artisan migrate. Then perform the four steps given above. You can refer to my similar answer which is logically same with your concern Here
来源:https://stackoverflow.com/questions/62284200/laravel-subdomain-single-auth-across-all-subs-not-working