Laravel 5.6 shopping cart based on session token authentication issue
I created a custom e-commerce system based on laravel. The shopping cart is identified by the session token of laravel (session['_token']) and is devided in a cart table and a cartProduct table. The whole system is working as expected.
Unfortunately the session['_token'] is changed as soon as the users has succesfully logged in. After this the whole cart of the old session is not correct idetified because the token has changed.
Now my questions:
- How can I prevent Laravel from changing the session['_token'] after log-in?
- Is this recommandable or can some security issues occur?
- If not: How to relate the shopping cart to the user before and after login?
If you need further information about the system please let me know in the comments and I will provide you with details.
cart - table: 
cart_products - table: 
I found a working solution. I modified the LoginController and updated the sendLoginResponse method to my needs:
protected function sendLoginResponse(Request $request)
{
// save old session token (shopping cart is related to this one)
$old_session_token = session()->get('_token');
// regenerate new session (prevent session fixation)
$request->session()->regenerate();
// get new session token
$new_session_token = session()->get('_token');
// update session token in cart table
$shopping_cart = Cart::where('session_token', $old_session_token)->first();
$shopping_cart->session_token = $new_session_token;
$shopping_cart->save();
$this->clearLoginAttempts($request);
return $this->authenticated($request, $this->guard()->user())
?: redirect()->intended($this->redirectPath());
}
This code updates the old token with the new one.
- How to remove all non printable characters in a string?
- How to display WooCommerce product long description in the head?
- Is there a way to enforce a unique column using doctrine2?
- Authorize.net refund Transaction error: has invalid child element 'payment' in namespace
- cURL with SSL certificates fails: error 58 unable to set private key file
- PHPUnit: get arguments to a mock method call
- How to test Symfony standalone bundle
- Retrieve .htaccess login name from PHP
- Sort a 2d array by a column and obey a dynamic direction variable
- Sort a flat array ascending
- Calling sort() inside of a foreach() does not affect the original array
- Loop only stores the last row while trying to build a 2d array while looping a query result set
- xampp is not showing .php files saved in htdocs folder
- Populate a 2d array from a query result and use a column value as the first level keys
- how to declare punch of array variable in Excel using PHPExcel??/
- How can I detect all symbols on mathematical operators on PHP using regex?
- PHP response triggers HEX view in Edge debugger
- Populate a grouped multidimensional array from parsed HTML content
- Sort rows of a 2d array by its first column descending
- Duplicate and append each row of a 2d array using a flat aray
- PHP reading shell_exec live output
- PHP script not running with www-data cron
- laravel 8 , I have a relationship between 3 tables attribute and value and ad
- Store related items with many-to-many relationship Laravel
- Put function in Queue but not loaded relation data | Laravel Queue
- Magento AvS_fastsimpleimporter multiple addresses
- Parse a text file into an array of associative arrays by splitting on semicolons, then commas, then equals signs
- How to validate an Instagram username
- Parse video id and start time from differently formatted youtube URL strings
- How to create a multidimensional array with an identifying column value used as the first level key?