Laravel 5.7 Auth::loginUsingId() not working after CSRF token generated

laravel custom authentication
laravel authentication
laravel middleware('auth)
laravel 5.7 login example
laravel login session example
laravel registration
laravel check user logged in
laravel user management

I am trying to auto-login user on step-2 of registration steps. After successful insert into db i am using Auth::loginUsingId($user_id) to auto-login user using ajax. I am always submitting CSRF token on each steps.

Now the problem is after successful login CSRF token get generated and Auth::user() gets blank on step 3

Also before and after login CSRF is different.

First of all, csrf token is required when using non-GET request, so if in your case using GET request seems reasonable you can use it.

Otherwise, in step 2 you should return new CSRF token for example like this:

Auth::loginUsingId($user_id);

return response()->json(['csrf_token' => csrf_token()];

and then in step 3 use this new token you got from Step 2 response.

Laravel 5.7 Auth::loginUsingId() not working after CSRF , Laravel 5.7 Auth::loginUsingId() not working after CSRF token generated. laravel custom authentication laravel authentication laravel middleware('auth) laravel  Laravel makes it easy to protect your application from cross-site request forgery (CSRF) attacks. Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user. Laravel automatically generates a CSRF "token" for each active user session managed by the application.

You can try Auth::id() to get the current user's id.

If you want all the details about logged in user then you can use Auth::user().

By Auth::user() you can access all details about the user.

You can also log in from the controller by passing user id Auth::login($user_id)

And if you user Auth::loginUsingId() then you have to pass user id and true status for remember the details.

Like :Auth:loginUsingId(user_id, true)


For Example :

Get User's Id : Auth::id()

Get User's Name : Auth::user()->name

Get User's email : Auth::user()->email

etc....

Authentication - Security - Laravel, Laravel 5.7 Auth::loginUsingId() not working after CSRF token generated. I am trying to auto-login user on step-2 of registration steps. After  If your application is not using Eloquent, you may use the database authentication driver which uses the Laravel query builder. When building the database schema for the App\User model, make sure the password column is at least 60 characters in length.

You may try this method Auth::User()->id;

authentication guard - Authentication - Laravel, The authentication configuration file is located at app/config/auth.php , which contains is not using Eloquent, you may use the database authentication driver which uses the user's session ID will automatically be regenerated after authenticating. array('before' => 'csrf', function() { return 'You gave a valid CSRF token! Not sure why it didn't work previously or if that was unrelated, but 5.7.3 is working. So at this point I have no idea if it's Laravel or my server. If it's working on 5.7.3, then that means my sessions are in fact persisting - at least on 5.7.3, right?

Seems like its not an issue of CSRF at all. When you create a new user, Like

$user = new App\User;
$user->username = $request->username;
...
...
$user->save();

Auth::loginUsingId($user->id);

Then place dd(Auth::user()->id); to check that user is logged in or not.

Let us know.

Laravel 5.7 Auth::loginUsingId() not working after , This column will be used to store a token for users that select the "remember me" A HomeController will also be generated to handle post-login requests to your $request) { // $request->user() returns an instance of the authenticated user. By default, after confirming their password, the user will not have to confirm their  If you choose to remove these controllers, you will need to manage user authentication using the Laravel authentication classes directly. Don't worry, it's a cinch! We will access Laravel's authentication services via the Auth facade , so we'll need to make sure to import the Auth facade at the top of the class.

User Authentication not working!, I am always submitting CSRF token on each steps. Now the problem is after successful login CSRF token get generated and Auth::user() gets  Upgrade and downgrade Laravel (between 5.6 and 5.7) But none of these above worked for me. EDIT. My case here is every time I login, a new session file will be created (The old one is still persist, but suddenly forgotten. Check storage/framework/sessions) and new CSRF token is generated. So the problem is not with VerifyCsrfToken.

[PDF] Laravel 5 Official Documentation, I've had this problem for a few days now and it really irritates me that I can't solve it. Route::get('auth/login', 'Auth\AuthController@getLogin'); Route::post('auth/​login', This line of code {!! csrf_field() !!} generates a hidden input field with a randomized value. The token remained the same after I refreshed the login view. Generating The Reset Token Table Migration. Next, a table must be created to store the password reset tokens. The migration for this table is included in the laravel/ui Composer package. After installing the laravel/ui package, you may use the migrate command to create the password reset token database table:

Laravel 5.6 - Login with Facebook using Socialite, In Laravel 5.1, you would typically need to use the Route::model method to the included authentication and CSRF “filters” have been converted to are not running MySQL 5.7 or above, this column type will not be available to you. After this change, a fresh token will be assigned to the user each time they login to. If your application is not using Eloquent, you may use the database authentication driver which uses the Laravel query builder. Note: Before getting started, make sure that your users (or equivalent) table contains a nullable, string remember_token column of 100 characters.

Comments
  • upload code dear
  • on step2 using Auth::loginUsingId($user_id); to auto-login user and on step 3 using $user = Auth::user(); to get user session which is blank
  • have you tried this $user = Auth::User()->$user_id; ?
  • Auth::User() this object is blank then how it will give ->user_id?
  • I mean to say you need to pick the user with the login id as well because the session is started for that particular user.
  • Hey Thanks for your response. Yeah i am using new CSRF token on step 3 but after new csrf token generated Auth::user gets blank in my case
  • also i am getting 401 Unauthorized on step3 with new csrf token
  • after debugging i found that after step 2 session file get deleted from storage\framework\sessions and created new session file there,that is why Auth::user() get blank. How to solve this?
  • @MaheshSinghChouhan Are you sure you are using exact same domain all the time? You can use https vs non-https, www cs non-www ...
  • Hey @Marcin Nabialek, sorry for the late reply. Yeah i am using localhost:8000 each time but don't know why after login with new csrf token my old session file get deleted which had user details in it
  • after debugging i found that after step 2 session file get deleted from storage\framework\sessions and created new session file there,that is why Auth::user() get blank. So i use anything after that is blank because session file gets deleted which had user details in it
  • Hello @MaheshSinghChouhan, Did you check your session.php file in config folder, Or else you have to set the environment variable SESSION_LIFETIME=120, Here 120 is minutes and its default time. Still, you found the same issue visit