2

I have a problem with the login: when I try to log in, it says the page has expired due to inactivity. I am using middleware to check the role based on user login, and it seems it's not working. Whenever I try to log in, the "page has expired" message pops up.

Route:

```php
Route::get('/', function () {
    return view('login');
});

Route::get('/dashboard/{user_id}', ['as' => 'dashboard', function ($user_id) {
    return view('theme.index')->with(['id' => $user_id]);
}]);

Route::post('login', 'AuthController@postSignIn')->name('login');
```

AuthController:

```php
public function postSignIn(Request $request)
{
    if (Auth::attempt(['username' => $request['username'], 'password' => $request['password']])) {
        $user = DB::table('users')->where([['username', '=', $request['username']], ['status', '=', '0']])->first();
        $user_id = $user->user_id;

        return redirect()->route('dashboard', $user_id)->with('message', 'State saved correctly!!!');
    } else {
        return redirect()->back();
    }
}
```

Middleware:

```php
    public function handle($request, Closure $next)
    {
        if ($request->user() === null) {
            // return response("Insufficient permissions", 401);
            return response(view('error'), 401);
        }
        $actions = $request->route()->getAction();
        $roles = isset($actions['roles']) ? $actions['roles'] : null;

        if ($request->user()->hasAnyRole($roles) || !$roles) {
            return $next($request);
        }
        // return response("Insufficient permissions", 401);
        return response(view('error'), 401);
    }

}
```

Index:

```html
<form class="form-horizontal" action="{{ route('login') }}" method="post">
   {{ csrf_token() }}
   <div class="form-group m-b-20 row">
      <div class="col-12">
         <label for="emailaddress">Username</label>
         <input class="form-control" type="text" id="username" required="" placeholder="Enter Username">
      </div>
   </div>
   <div class="form-group row m-b-20">
      <div class="col-12">
         <label for="password">Password</label>
         <input class="form-control" type="password" required="" id="password" placeholder="Enter your password">
      </div>
   </div>
   <div class="form-group row text-center m-t-10">
      <div class="col-12">
         <button class="btn btn-md btn-block btn-primary waves-effect waves-light" type="submit">Login</button>
      </div>
   </div>
</form>
```

Saurabh

4 Answers

4

You can change the session lifetime in the Laravel config inside `config/session.php` by modifying the following value:

`lifetime`

Also, you will need to run

```
php artisan config:cache
```

for Laravel to pick up the new configuration.

Aman
  • `'lifetime' => env('SESSION_LIFETIME', 120), 'expire_on_close' => false,` In this, where should I use it, @Aman? –  May 02 '18 at 09:00
  • @Abhijith First of all, it's not a CSRF failure but rather specific to the session. And second, yes, that should pretty much resolve your issue :) – Aman May 02 '18 at 10:36
  • `'lifetime' => env('SESSION_LIFETIME', 120),` is getting overridden by `SESSION_LIFETIME=20` in `.env` so change that or just `lifetime = 360`. – ourmandave Jun 18 '19 at 13:33
1

I figured it out. I did it from scratch; it was the problem of the Auth function, the import of Auth. Before that, I did run two commands to clear my cache:

```
php artisan cache:clear

php artisan config:cache
```

and import Auth.

Thank you for the help, guys, appreciate it.

0

Add your route to the `$except` array of the VerifyCsrfToken.php middleware, like this: `$except = [ "/login" ];`.

Amol Rokade
0

Open the VerifyCsrfToken.php middleware and put your URL in `$except`, like:

```php
protected $except = [
    'http://localhost:8000/login'
];
```

You can also see the Laravel docs for more information about CSRF: https://laravel.com/docs/5.6/csrf#csrf-excluding-uris

Ehab Elzeny
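
Laravel shows the "page has expired due to inactivity" page when the VerifyCsrfToken middleware rejects a POST that carries no matching `_token` field, and the form in the question echoes `csrf_token()` as text instead of submitting it. The form below is an added example, not code from any of the posts above; it assumes the `login` route name and the `username`/`password` keys that `postSignIn()` reads.

```blade
{{-- Added example, not code from the posts above. Assumes the 'login' route and
     the username/password keys that postSignIn() reads from the request. --}}
<form class="form-horizontal" action="{{ route('login') }}" method="post">
    {{-- csrf_field() renders <input type="hidden" name="_token" value="...">.
         Echoing csrf_token() on its own prints the token as visible text, so
         the POST has no _token for VerifyCsrfToken to match against the session.
         On Laravel 5.6 and later the csrf Blade directive renders the same field. --}}
    {{ csrf_field() }}

    <div class="form-group m-b-20 row">
        <div class="col-12">
            <label for="username">Username</label>
            {{-- name="username" is what puts the value into $request['username'];
                 an input that has only an id is not submitted with the form. --}}
            <input class="form-control" type="text" id="username" name="username"
                   required placeholder="Enter Username">
        </div>
    </div>
    <div class="form-group row m-b-20">
        <div class="col-12">
            <label for="password">Password</label>
            <input class="form-control" type="password" id="password" name="password"
                   required placeholder="Enter your password">
        </div>
    </div>
    <div class="form-group row text-center m-t-10">
        <div class="col-12">
            <button class="btn btn-md btn-block btn-primary waves-effect waves-light" type="submit">Login</button>
        </div>
    </div>
</form>
```

With the token submitted this way, the login route can stay under VerifyCsrfToken rather than being listed in `$except`.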