Friday, July 13, 2018

Save laravel_session cookie from ajax request - Single sign on

I'm trying to implement a single sign on.

The other application makes an HTTP POST request to my app, passing some parameters. I make a request back and get an email address for the current user. (Yes, I've set the necessary CORS header in my .htaccess.)

I'm now creating a user instance with that email and trying to authenticate the user.

Auth::login($user, true);
return response("OK", 200);

This works fine (if the user was found).

I now expect that with Auth::login an authenticated session gets created and a session cookie is saved. As soon as the user opens my app, this session is found, no further login is necessary and the dashboard opens.

However no cookie is saved at all.

I then tried to save the cookie manually using

response("OK", 200)
  ->cookie("laravel_session", Session::getId(), 60);

I also tried

response("OK", 200)
  ->cookie("laravel_session", encrypt(Session::getId()), 60);

And

Cookie::queue(Cookie::make("laravel_session", Session::getId(), 60));
response("OK", 200);

In every case the cookie was set, but when opening my app the login screen was shown. So my guess is that there must be something I'm missing, or the laravel_session cookie contains some other data.

So my question is: using an AJAX POST request, how do I properly authenticate a user and save that as a cookie, so he will be logged in when he opens up my app?

Thanks a lot for help.



via Chebli Mohamed
