7

I'm using the Lumen (by Laravel) micro-framework for a project, and I'm having some trouble with sessions. I'm just testing the implementation now, but the problem I'm experiencing is that when I set a session variable and then refresh the page, the variable is no longer set.

In my .env file I have:

SESSION_DRIVER=cookie

And I know that this is being picked up, because when I change it to memcached it throws an error (because I don't have memcached set up).

I've enabled the middleware too:

$app->middleware([
    'Illuminate\Session\Middleware\StartSession',
    'Illuminate\View\Middleware\ShareErrorsFromSession',
]);

Then in my controller I have:

<?php
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;

class SessionController extends Controller
{
    public function index(Request $request)
    {
        $request->session()->put('email', 'test@test.com');
        $request->session()->save(); // Not sure if this is required

        var_dump($request->session()->get('email'));
        exit;

        return view('session.index', ['test' => $value]);
    }
}

The value is set when I load the page:

string(13) "test@test.com"

But then when I comment out the lines that set the variable, and I then refresh the page, the value is NULL:

// $request->session()->put('email', 'test@test.com');
// $request->session()->save();

var_dump($request->session()->get('email'));
exit;

A single cookie is being set in the browser, but it doesn't appear to be for the session variable:

laravel_session 2ecef0103418ca82d068ec6a6c6fbec388af9b9e    localhost   /   2015-06-22T14:59:29.856Z    55  ✓

EDIT: The cookie is actually set if I set the SESSION_DRIVER as cookie – regardless of whether or not I actually set a session variable.

I'm not sure where I'm going wrong here, and I don't find the documentation very comprehensive.

Thanks

Dave McGinn
  • 149
  • 4
  • 9
  • The cookies would be encrypted so there's no telling if that's the right cookie or not. Please make sure you actually have cookies enabled for this to work properly. It's also not a good thing to rely on and you should really use the file driver if possible. – user1669496 Jun 22 '15 at 14:21
  • Also running into similar issues. In my case, sometimes it sets the session value and I can retrieve it but then I can't update the session value or unset it. I'm using the files session driver. – kalenjordan Aug 28 '15 at 21:29
  • That cookie is always set and is only 55 bytes. If it were the encrypted session data, I think it would be longer and not look like a hexadecimal number. Cookie values aren't allowed to have arbitrary bytes (see [this](http://stackoverflow.com/questions/1969232/allowed-characters-in-cookies)) so you would have to encode it. If you base64 encode the encrypted, serialized array, the shortest it could be for me was 64 bytes. – jeteon Sep 17 '15 at 16:45
  • use `dd()` instead of `var_dump() + exit` ;) – Unamata Sanatarai Dec 30 '15 at 21:42

1 Answers1

2

Since you are trying to use the cookie session storage you'll need the cookie middleware too. The enabled middleware should be:

$app->middleware([
    'Illuminate\Cookie\Middleware\EncryptCookies',
    'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
    'Illuminate\Session\Middleware\StartSession',
    'Illuminate\View\Middleware\ShareErrorsFromSession',
]);

In your first example you use the session immediately after creating it so you are able to recover the value. However, since the session cookie itself is not set by the code, when you return to the page, no session is recovered. The "laravel_session" cookie is always set whether you use cookie storage or not. I'm using the file storage in a project and still it gets set.

Also, AFAIK, the line:

$request->session()->save();

is unnecessary.

The documentation states:

To enable sessions, you must uncomment all of the middleware within the $app->middleware() method call in your bootstrap/app.php file.

jeteon
  • 3,471
  • 27
  • 40