I'm using Laravel to develop an app. I need to store the session in the database, and everything works fine until I want to test in Firefox.

When I log in a user in Firefox, every request creates a new session row in the database without the user_id. The session seems to be working fine, but I'm getting trash rows on every request.

I'm getting a lot of trash rows here

This only happens in Firefox; my cookies are enabled, and I tried it on other computers and got the same results.

I already double-checked my middlewares, config/session.php and .env files.

kernel.php

protected $middlewareGroups = [
    'web' => [ 
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:60,1',
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],
];

/**
 * The application's route middleware.
 *
 * These middleware may be assigned to groups or used individually.
 *
 * @var array
 */
protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
    'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
    'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
    'EscuelaEnPaquete'=>\App\Http\Middleware\EscuelaEnPaquete::class,
    'SesionesUsuario'=>\App\Http\Middleware\SesionesUsuario::class,
];

'SesionesUsuario'

    // Update the last interaction
    
    $actualmenor = \Carbon\Carbon::now()->subSeconds(env('MAX_seconds_IS_ALIVE'))->timestamp;
    $actual = \Carbon\Carbon::now()->timestamp;
    
    $sesion = Session::where('id',\Session::getId())->where("user_id",Auth::id())->first();


    if($sesion){
        
        $sesion = Session::find(\Session::getId());
        $sesion->last_activity =  $actual;
        
        if($sesion->login_on == null){
            $sesion->login_on = $actual;
        }
        
        $sesion->save();
    }
    
    // Check whether a session exists
    
    $sesiones = Session::where("user_id",Auth::id())->where("id",'<>',\Session::getId())->count();
    
    if($sesiones >= env('MAX_SESSIONS')){
        // Path: delete the oldest session
        
        $take = env('MAX_SESSIONS')-1;
        
        
        if(env('MAX_SESSIONS')-1 < 0){
            $take = 0;
        }

        $sesion_eliminar = Session::selectRaw('id as id_session')->where("user_id",Auth::id())->where("id",'<>',\Session::getId())->orderBy('login_on','DESC')->take($take)->get();
        
        $array_salvar_eliminar =[];
        
        foreach ($sesion_eliminar as $ident){
            array_push($array_salvar_eliminar,$ident->id_session);
        }
        
        array_push($array_salvar_eliminar,\Session::getId());
        
        // Remove the surplus sessions
        
        Session::where("user_id",Auth::id())->whereNotIn('id',$array_salvar_eliminar)->delete();
        
    }
    
    return $next($request);

The middleware is actually working, but I can't leave the trash sessions in the database.

UPDATE: OK, I did a deeper debug, and the extra sessions are only added when an AJAX call is made.

UPDATE: this happened in all browsers, but for weird reasons it only happened in Firefox when I wrote this.

EDIT: edited the title to be more accurate.

Khero

1 Answer


Welp, after a lot of researching, I found something useful for anyone who has the same problem.

The problem: the route used in the AJAX call was in HTTP and not in HTTPS, so I was getting a cross-domain request, and Laravel interprets that as a new session.

So if this ever happens to you, you should check some things.

1- Check your htaccess: you must look for this

RewriteEngine On

RewriteCond %{HTTPS} !on
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Our server didn't have that configuration, so if you have permissions, just add those lines and it will work.

2- If you can't change htaccess

If you can't modify htaccess, you must add

\URL::forceScheme('https');

to your app\Providers\AppServiceProvider in the boot() method.

This can also help if your $request->isAjax() method is not working.

Yeah, the problem was caused by a misconfiguration of the server after all. Hope this helps someone in the future.

For more info about the answer, check this:

Laravel 5 - redirect to HTTPS

Khero
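
To find which requests are creating the extra rows, a diagnostic middleware can log every request that reaches the application over plain HTTP or without the session cookie. This is an added example, not code from the post; the class name LogSessionlessRequests is hypothetical, and it assumes the middleware is registered in the 'web' group before StartSession and that any TLS-terminating proxy is configured as trusted so the scheme is reported correctly.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

/**
 * Hypothetical diagnostic middleware (not from the original post).
 * Logs requests that arrive without the session cookie or over http://,
 * which are the requests for which a fresh session row gets written.
 */
class LogSessionlessRequests
{
    public function handle(Request $request, Closure $next)
    {
        // Cookie name from config/session.php ('cookie' key).
        $cookieName = config('session.cookie');

        // Only presence matters here; decryption happens in EncryptCookies.
        $hasCookie = $request->cookies->has($cookieName);

        // False when the request reached the app over plain HTTP.
        $isSecure = $request->secure();

        if (! $hasCookie || ! $isSecure) {
            Log::warning('Request will likely start a new session', [
                'url'        => $request->fullUrl(),
                'scheme'     => $request->getScheme(),
                'ajax'       => $request->ajax(),
                'has_cookie' => $hasCookie,
                'referer'    => $request->headers->get('referer'),
                'ip'         => $request->ip(),
            ]);
        }

        return $next($request);
    }
}
```

Log entries with 'ajax' => true and 'scheme' => 'http' point at the front-end calls that still use an http:// URL.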
  • 11
  • 3