[5.1] Auth::id() don't get $id from Recaller #13769

Merged
merged 1 commit into from
Jun 6, 2016
apollopy
Contributor

The id function note: Get the ID for the currently authenticated user.

If the id is taken from the remember cookie, the cookie may be invalid (if a user signs out in other browsers).

@GrahamCampbell GrahamCampbell changed the title from "Auth::id() don't get $id from Recaller" to "[5.1] Auth::id() don't get $id from Recaller" May 30, 2016
@GrahamCampbell
Member

Thanks, but I'm not quite sure what this fixes?

@GrahamCampbell
Member

Does it not break stuff?

@@ -180,7 +180,7 @@ public function id()
return;
}

$id = $this->session->get($this->getName(), $this->getRecallerId());
$id = $this->session->get($this->getName());
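
Review bot: the new assignment `$id = $this->session->get($this->getName());` drops the `getRecallerId()` default, so with an empty session `$id` is null at this point, and the lines that follow it are outside the visible context. Please confirm that `id()` still resolves a user whose remember token is valid, and add a regression test for the case raised in this thread (session expired, recaller cookie present, token refreshed by a logout elsewhere) asserting that `id()` and `user()` agree.
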
Contributor Author

`$this->getRecallerId()` gets the user id from the cookie, but it does not check whether the cookie's token is valid.

@apollopy
Contributor Author

The code logic has not changed; it just gets the value from a trusted function.

@taylorotwell
Member

Signing out in other browsers would have no effect on this browser's cookies.

@apollopy
Contributor Author

https://github.com/laravel/framework/blob/5.1/src/Illuminate/Auth/Guard.php#L550

First of all, please look at the link I posted above.

`Auth::logout()` will refresh the remember token, which will make the remember cookie of other browsers invalid. As a result, `getUserByRecaller` could not return the user in other browsers, according to the link.

test:

Browser A, session expired and remember cookie exists.

```php
// browser A, session expired and remember cookie exists.
Auth::id(); // return 1
Auth::user(); // return user object by 1
```

If you first log out on browser B, then try to run the code on browser A in the same situation, it would not get the same result.

```php
// browser B logout

// browser A, session expired and remember cookie exists.
Auth::id(); // return 1
Auth::user(); // return null
```

This is what I fixed:

```php
// browser B logout

// browser A, session expired and remember cookie exists.
Auth::id(); // return null
Auth::user(); // return null
```
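
The scenario in the comment above, as an added example that is not part of the thread or of Laravel's own code: a constructed stand-alone model (PHP 8) showing why an id read from a remember cookie cannot be trusted until its token is checked. The `<id>|<token>` cookie layout and the names `UserStore`, `idFromCookieUnchecked` and `idFromCookieVerified` are assumptions made for illustration, and the verified variant is one way to refuse a stale token, not the change merged here.

```php
<?php
// Constructed model of the scenario in this thread; not Laravel's Guard code.
// Assumption: the recaller cookie has the form "<user id>|<remember token>".

final class UserStore
{
    /** @var array<int,string> user id => current remember token */
    private array $tokens = [];

    public function refreshToken(int $id): string
    {
        return $this->tokens[$id] = bin2hex(random_bytes(16));
    }

    public function findByIdAndToken(int $id, string $token): ?int
    {
        $current = $this->tokens[$id] ?? null;
        // Constant-time comparison of the stored token with the cookie's token.
        return ($current !== null && hash_equals($current, $token)) ? $id : null;
    }
}

// Before: the id is read straight from the cookie; the token is never checked.
function idFromCookieUnchecked(?string $cookie): ?int
{
    if ($cookie === null || !str_contains($cookie, '|')) {
        return null;
    }
    return (int) explode('|', $cookie, 2)[0];
}

// After: the id is returned only if the cookie's token matches the stored one.
function idFromCookieVerified(UserStore $users, ?string $cookie): ?int
{
    if ($cookie === null || !str_contains($cookie, '|')) {
        return null;
    }
    [$id, $token] = explode('|', $cookie, 2);
    return ctype_digit($id) ? $users->findByIdAndToken((int) $id, $token) : null;
}

$users = new UserStore();
$cookieA = '1|' . $users->refreshToken(1); // browser A logs in with "remember me"
$users->refreshToken(1);                   // browser B logs out: token is refreshed

var_dump(idFromCookieUnchecked($cookieA));        // unchecked path on browser A's stale cookie
var_dump(idFromCookieVerified($users, $cookieA)); // verified path on the same stale cookie
```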

@taylorotwell taylorotwell reopened this May 30, 2016
@taylorotwell
Member

OK will take a look.

@taylorotwell taylorotwell merged commit b5503d5 into laravel:5.1 Jun 6, 2016