Search code examples
session-cookieslaravel-5.7

Laravel 5.7 session flash message for login intermittently working

I'm using Laravel 5.7 and have successfully sorted out login and logout for user using manual authentication.

I have this in my login blade template to alert to bad credentials:

@if (Session::has('status'))
  <div class="alert alert-danger text-center" role="alert">
    {!! Session::get('status') !!}
  </div>
@endif

This is in my controller, after determining that the username and password provided is not accepted:

$request->session()->flash('status', 'These credentials are not working.<br>Refresh and try again.');
  return redirect()->back()->withInput();

When it works, I get the status message and the username is provided. The thing I can't figure out is what happens next. I've tried all of the following and sometimes the message will display again, and sometimes it won't. It has never shown more than twice in a row. And once it doesn't show, it seems to not show for awhile.

  • Enter in a different password (while username has already been inputted)
  • Refresh browser, and try both again
  • change username, and then enter password

Even when I clear cookies, it does not seem to make any difference. I have double checked my cookie and session settings in .env and config files. I'm getting no error messages. I'm using database with mysql. I used migrate to build the sessions table.

Sessions noted in the database are not inappropriately duplicating. The last activity field is updating appropriately.

When I view the session cookie in Chrome, it's changing after every submission. I don't mean the XSRF-TOKEN, I mean the session cookie. I'm surprised it's changing.

I'm thinking my code is okay but I have a setting wrong somewhere. Where should I look?

UPDATE: If I check "Disable cache while DevTools is open" then it works much better. I can submit bad credentials, and it will show the message and the username is in the field. If I enter the password and submit it redirects to a clean login, no message, no data.

If I get the message and then manually refresh the browser to a new login, I will get the message again probably half of the time. But then I will attempt the same thing again (refresh, try again) and get multiple redirects to the login page again with no data/message.

Final Resolution: I changed session handling to file.

Solution

  • Instead of flashing try redirecting with the message:

    return redirect()->back()->with('status', 'These credentials are not working.<br>Refresh and try again.');