
Laravel Sanctum / Cookie scheme does not log user out on route change when session expires

Open sts-ryan-holton opened this issue 4 years ago • 3 comments

Version

module: 5.0.0-1647967358.de1bb0f nuxt: 2.15.8

Nuxt configuration

mode:

  • [x] universal
  • [ ] spa

Nuxt configuration

/*
** Axios module configuration
** See https://axios.nuxtjs.org/options
*/
axios: {
  credentials: true,
  baseURL: process.env.API_URL
},
/*
** Auth config
*/
auth: {
  redirect: {
    login: '/account/login/',
    logout: '/account/login/',
    callback: '/account/login/',
    home: '/account/domains/'
  },
  strategies: {
    'laravelSanctum': {
      provider: 'laravel/sanctum',
      url: process.env.API_URL,
      endpoints: {
        login: { url: '/api/auth/login', method: 'post' },
        logout: { url: '/api/account/logout', method: 'post' },
        user: { url: '/api/auth/user', method: 'get', propertyName: 'user' }
      },
    }
  }
},

What is expected?

When a user tries to navigate to a page that performs a request requiring an authenticated user, the user should automatically be redirected to the redirect.login route if the response received is a 401 status code when the cookie expires.

What is actually happening?

When using the Laravel Sanctum provider, and setting the SESSION_LIFETIME to an unrealistic 1 minute period, the customer isn't redirected to the login page when they try to access a route that requires them to be logged in. Instead, they've got to refresh their web page.

Steps to reproduce

  1. Use Laravel Sanctum provider
  2. Set SESSION_LIFETIME=1 in the Laravel .env file
  3. Log in through the front-end
  4. Wait for the session to expire after a minute and try to navigate the admin area

Checklist

  • [x] I have tested with the latest Nuxt version and the issue still occurs
  • [x] I have tested with the latest module version and the issue still occurs
  • [x] I have searched the issue tracker and this issue hasn't been reported yet

sts-ryan-holton, Mar 28 '22 19:03

Update?

sts-ryan-holton, Apr 01 '22 10:04

Update?

sts-ryan-holton, Apr 11 '22 11:04

Hi @sts-ryan-holton,

I think the config for your nuxt-auth should look like this:

auth: {
  redirect: {
    login: '/account/login/',
    logout: '/account/login/',
    callback: '/account/login/',
    home: '/account/domains/'
  },
  strategies: {
    'laravelSanctum': {
      provider: 'laravel/sanctum',
      url: process.env.API_URL,
      user: {
        property: 'user'
      },
      endpoints: {
        login: { url: '/api/auth/login', method: 'post' },
        logout: { url: '/api/account/logout', method: 'post' },
        user: { url: '/api/auth/user', method: 'get' }
      },
    }
  }
},

Also, you need to keep calling this.$auth.fetchUser() every time the route changes on page reload, because in my experience this module only fetches the user once after using loginWith.

Hope this will help.

antandev, Aug 03 '22 06:08
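
The behaviour the issue expects (a 401 after the Sanctum session expires sends the user to redirect.login) can be sketched as an axios error handler. This is an added example, not code from the thread or from nuxt-auth; makeSessionExpiryHandler and the plugin file name are hypothetical, and it assumes $auth.reset() runs synchronously as in the v5 cookie scheme.

```javascript
// Added example: hypothetical helper, not part of nuxt-auth or the issue thread.
// Assumed wiring in a Nuxt 2 plugin (hypothetical file plugins/session-expiry.js),
// registered in nuxt.config.js via auth.plugins so $auth is available:
//
//   export default ({ $axios, $auth }) => {
//     const handle = makeSessionExpiryHandler($auth)
//     // Braces matter: @nuxtjs/axios treats a truthy return value from an
//     // onError callback as a successful response, so return nothing here.
//     $axios.onError((error) => { handle(error) })
//   }

function makeSessionExpiryHandler(auth) {
  return function handleExpiredSession(error) {
    // Network failures and timeouts carry no response: not a session problem.
    const status = error && error.response ? error.response.status : null
    if (status !== 401) return false

    // A 401 while logged out is a failed login attempt (bad credentials),
    // not an expired session. After reset() below, loggedIn is false, so a
    // burst of parallel 401s triggers a single redirect.
    if (!auth.loggedIn) return false

    // The server has already invalidated the session; drop the stale
    // client-side user state so the UI stops presenting it as authenticated.
    auth.reset()
    // Resolves to the redirect.login route from the auth config.
    auth.redirect('login')
    return true
  }
}
```

The API remains the enforcement point: the handler only brings stale client state in line with a session the server has already rejected.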