I am working on an application that uses Laravel 8 in the backend and Nuxtjs in the frontend. My problem is that every time I make a request with Axios regardless of the method, Laravel creates a new session. This prevents me for example from checking the csrf cookie because each time a new session is generated. I don't really know what to do and I would like to get your help please...
sample code to get the session token :
Route::get('/test', function() {
return request()->session()->token();
});
First attempt : IM23wUv9NTY2IUu9gAJix6TTg3IFjjgOkasOkRhn
Second attempt : bMpuaa9Ink4dOUUJNEyJnbYYKSqSACP216Xq08Uh
Therefore, I always get a 419 for each of my requests.
Code:
const self = this
const rootURL = self.$axios.defaults.baseURL.replace('/api', '')
self.$axios.get('/sanctum/csrf-cookie', {
baseURL: rootURL
}).then(() => {
self.$axios.post('/auth/login', {
email: self.email,
password: self.password,
}, {withCredentials: true}).then(({data: response}) => {
console.log(response)
})
})
Response:
{
"message": "CSRF token mismatch.",
"exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException",
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php",
"line": 387,
"trace": [
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php",
"line": 332,
"function": "prepareException",
"class": "Illuminate\\Foundation\\Exceptions\\Handler",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php",
"line": 51,
"function": "render",
"class": "Illuminate\\Foundation\\Exceptions\\Handler",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 172,
"function": "handleException",
"class": "Illuminate\\Routing\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php",
"line": 121,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php",
"line": 64,
"function": "handleStatefulRequest",
"class": "Illuminate\\Session\\Middleware\\StartSession",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Session\\Middleware\\StartSession",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php",
"line": 37,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php",
"line": 67,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Cookie\\Middleware\\EncryptCookies",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/sanctum/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php",
"line": 26,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 149,
"function": "Laravel\\Sanctum\\Http\\Middleware\\{closure}",
"class": "Laravel\\Sanctum\\Http\\Middleware\\EnsureFrontendRequestsAreStateful",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 103,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/sanctum/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php",
"line": 34,
"function": "then",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Laravel\\Sanctum\\Http\\Middleware\\EnsureFrontendRequestsAreStateful",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 103,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 697,
"function": "then",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 672,
"function": "runRouteWithinStack",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 636,
"function": "runRoute",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 625,
"function": "dispatchToRoute",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
"line": 166,
"function": "dispatch",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 128,
"function": "Illuminate\\Foundation\\Http\\{closure}",
"class": "Illuminate\\Foundation\\Http\\Kernel",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php",
"line": 21,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php",
"line": 31,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php",
"line": 21,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php",
"line": 40,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\TrimStrings",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php",
"line": 27,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php",
"line": 86,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/fruitcake/laravel-cors/src/HandleCors.php",
"line": 52,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Fruitcake\\Cors\\HandleCors",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/fideloper/proxy/src/TrustProxies.php",
"line": 57,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Fideloper\\Proxy\\TrustProxies",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 103,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
"line": 141,
"function": "then",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
"line": 110,
"function": "sendRequestThroughRouter",
"class": "Illuminate\\Foundation\\Http\\Kernel",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/public/index.php",
"line": 52,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Kernel",
"type": "->"
},
{
"file": "/home/sidik/Projets/Colisone/web/laravel-backend/server.php",
"line": 21,
"function": "require_once"
}
]
}
Sessions on servers are used to store some user data (IP, authentication, etc). So because API's are stateless (server doesn't need to know about user) it seems like server generates a new session for every request and it's logical.
What you should do is make your app in a way that it does not need session data (stateless).
I do not recommend that you do otherwise and have never done it before so I don't know if it works but if you absolutely need the sessions then you must look at kernel.php file.
In $middlewareGroups array's api you can add
\Illuminate\Session\Middleware\StartSession::class,
to beginning of the array like this :
'api' => [
\Illuminate\Session\Middleware\StartSession::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
OR
Generate a session for user in login (where you assign them a token), store that session to database (create a sessions table). Then create a middleware that checks if the the user that is making a request has any session in database. if yes assign that session to current user. and add it in to the routes that you need.
If in a situation I need to do something like this I would choose option 2 because first I don't think the first one solves your problem, second the later way still enables me to scale my app without worry (I would need to separate my db server anyway) .
you can search about ways to have session on API's on google. you may find something that may suit you more.