Forms still expire #89

Open
ItaloBC opened this issue Apr 10, 2018 · 20 comments

@ItaloBC
Contributor

commented Apr 10, 2018

Expected Behavior

Forms still alive

Actual Behavior

They expire

Details

Using the middleware method, all the drips get 204, no problem so far. The only thing I noted is that after the session time expiration, the XSRF-TOKEN cookie being sent for the drip disappears.

It seems that Laravel doesn't want to maintain the token session alive in the form even if the drips are correctly sent and responded.

Already removed and reinstalled Caffeine and dumped the autoload just to be sure.

Workaround

Using Axios, I made a normal GET to the form located at axios.get('https://myapp.test/login') and the token lives through the timeout. But using Axios to the default dripping route doesn't.

It would seem that Laravel session enforces the current URL, but using GET on other routes of the application (like axios.get('https://myapp.test/artist/michael-jackson/albums/all')) also keeps them alive.

See updates.

Environment

  • PHP Version: 7.2.4
  • NGINX: 1.12.2
  • Laravel Version: 5.6
  • LaravelCaffeine Version: 0.6.8

Stack Trace

Unavailable.

@ItaloBC

Contributor Author

commented Apr 10, 2018

Update 2:

Removed Caffeine. Went to web.php and added my own drip route:


Route::get('/drip-route', function() {
    return response(null, 204);
});

Then I made a GET with Axios to that point (which includes a CSRF token in the meta), and the form didn't expire.

Back to installing caffeine and see where the chain fails.

@ItaloBC

Contributor Author

commented Apr 10, 2018

Update 3 (This is weird)

Installed Caffeine, everything default.

I deleted the route declaration in /routes/web.php of this package:

// Route::get($dripRoute, Drip::class.'@drip');

Then I added the default route in my web.php, at root.

Route::get('/genealabs/laravel-caffeine/drip', function() {
    return response(null, 204);
});

Success. Forms don't expire.

But it won't work if the route is declared using the web.php of this package. That means that something is interfering with the route that Caffeine is declaring, but at a glance everything is clean.

But...

Moving the same code I added in my web.php to the route/web.php package gives the same problem:

// Route::get($dripRoute, Drip::class.'@drip');

Route::get('/genealabs/laravel-caffeine/drip', function() {
    return response(null, 204);
});

With this, forms still expire.

@mikebronner

Member

commented Apr 12, 2018

Hi guys, thanks for reporting this. I will check this out soon -- I'm currently swamped with work, but hope to get to it over the weekend.

@mikebronner mikebronner self-assigned this Apr 12, 2018

@s21825


commented Jul 26, 2018

I've also encountered this issue (or something very similar).

PHP Version: 7.2.7
NGINX: nginx/1.14.0 (Ubuntu)
Laravel Version: 5.6
LaravelCaffeine Version: ^0.6.11

I noticed that the session was still expiring on an idle form and research led me here. After trying the workaround of creating a route in my web.php file to catch the drip requests, the session is no longer expiring.

From the network tab on Chrome devtools the only difference I can see is that when the drips are handled by the overridden route the following response headers get sent:

Set-Cookie: XSRF-TOKEN={snip}; expires={snip}; Max-Age=7200; path=/
Set-Cookie: {snip}_session={snip}; expires={snip}; Max-Age=7200; path=/; httponly

When the default route handles the drip those response headers are absent. Everything else looks identical though.

I'm up and running with the overridden route entry though so thanks for posting that workaround!
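
Added example (not part of the original thread or the package's code): a check for the difference described in the comment above, deciding from a drip response's `Set-Cookie` headers whether the XSRF-TOKEN and `*_session` cookies were re-issued. The function names, the `myapp_session` cookie name and the header values are constructed for illustration.

```javascript
// Added example: decide from a drip response's Set-Cookie headers whether the
// request passed through the session middleware and re-issued both cookies.
// Cookie names/values below are constructed placeholders, not real tokens.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(line) {
  const [pair, ...rest] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // malformed: no cookie name
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// setCookieLines: array of Set-Cookie header values from one drip response.
// Returns which of the two cookies were re-issued and with what lifetime.
function checkDripResponse(setCookieLines, sessionSuffix = '_session') {
  const cookies = setCookieLines.map(parseSetCookie).filter(Boolean);
  const xsrf = cookies.find((c) => c.name === 'XSRF-TOKEN');
  const session = cookies.find((c) => c.name.endsWith(sessionSuffix));
  const maxAge = (c) => (c && c.attrs['max-age'] ? Number(c.attrs['max-age']) : null);
  return {
    xsrfRefreshed: Boolean(xsrf),
    sessionRefreshed: Boolean(session),
    sessionHttpOnly: Boolean(session && session.attrs.httponly),
    sessionMaxAge: maxAge(session),
    keepsSessionAlive: Boolean(xsrf && session),
  };
}

// Constructed samples: a drip answered with both cookies, and one with none.
const viaWebGroup = [
  'XSRF-TOKEN=constructed-token; expires=Thu, 26 Jul 2018 14:00:00 GMT; Max-Age=7200; path=/',
  'myapp_session=constructed-id; expires=Thu, 26 Jul 2018 14:00:00 GMT; Max-Age=7200; path=/; httponly',
];
const viaPackageRoute = [];

console.log(checkDripResponse(viaWebGroup));
console.log(checkDripResponse(viaPackageRoute));
```

Browser scripts cannot read `Set-Cookie`, so feed the function lines copied from the devtools network tab, or the `set-cookie` array a Node HTTP client returns.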

@mikebronner

Member

commented Aug 5, 2018

@s21825 @ItaloBC Please add this bit of code to your form page, and let me know what the output is:

<?php dd(php_sapi_name()); ?>

@s21825


commented Aug 5, 2018

This is what I get:

"fpm-fcgi"

@mikebronner

Member

commented Aug 5, 2018

@s21825 that should work. Can you try the latest update from today and see if the problem still persists? I tried with a new Laravel project and it worked. If it still doesn't work for you, can you post a link to a repo that reproduces the error? Thanks!

@s21825


commented Aug 6, 2018

I just did a quick test by setting my session lifetime to 6 minutes with the default drip interval of 5 minutes. After three drips I still had an active session. So it appears to be working as expected with the latest version. I'll leave things idle for a few hours and check again but so far so good! Thanks for following up.

@s21825


commented Aug 6, 2018

After further investigation, the session is still expiring with the new release. I'll have to see if I can put together a public project to share with the issue present as I am not able to share my current project.

@MoogyG


commented Aug 9, 2018

Same problem here.

So I tested by adding the drip route in my web.php file and this is working too.

I compared the two cases by running php artisan route:list and there is a difference: in my web.php the route is using the web middleware, but when it is in the plugin there is no middleware used.

I don't know why yet, but it explains the problem: without the web middleware, the Laravel session middleware is not triggered.

@mikebronner

Member

commented Aug 9, 2018

@MoogyG can you also run this command in your blade view with your form, and report back with the result:

<?php dd(php_sapi_name()); ?>

@MoogyG


commented Aug 9, 2018

"fpm-fcgi"

I am using Laradock on Ubuntu 16.04.

Found something: dd($this->middlewareGroupExists('web')); gives me false in the boot method of your provider.

I am using Dusk, which hard-codes the web middleware in its service provider, and Horizon, which uses a config file for that.

Why are you checking web middleware presence?

@mikebronner

Member

commented Aug 9, 2018

@MoogyG that needs to be checked for backward compatibility. The command I provided above directly relates to that middleware check, but yours shouldn't be reporting false. Can you follow the chain and see what line of code causes it to be false on your system?

Thanks!

@mikebronner mikebronner added bug and removed unconfirmed bug labels Aug 9, 2018

@MoogyG


commented Aug 9, 2018

$routes = collect(app('router')->getRoutes()->getRoutes());
dd($routes);

only reports "barryvdh/laravel-debugbar" routes that is not using web middleware.

Is there a problem with Laravel auto package discovery? If you are the first service loaded, you can't see other routes, I don't think it's a good way.

@mikebronner

Member

commented Aug 9, 2018

By any chance are you using route closures? Also, would you mind pasting your routes/web.php file content here? Thanks!

@MoogyG


commented Aug 9, 2018

No route closures until I wrote this to test:

Route::get('caffeine/drip', function() { return response(null, 204); });

And I am not authorized to do that

@mazen1985


commented Dec 5, 2018

Any updates here? I have the same issue: the package is still dripping but the session still keeps expiring.

@liyu001989


commented Apr 18, 2019

Laravel 5.8, same issue: middlewareGroupExists returns false because $routes = collect(app('router')->getRoutes()->getRoutes()); is an empty array.

@smirnov-tk


commented May 23, 2019

Same here.
Why don't you use hasMiddlewareGroup function of the Router if it is available? It's 5.4+
And it can see my 'web' group
Laravel API

@mikebronner

Member

commented May 23, 2019

@smirnov-tk @mazen1985 @MoogyG @liyu001989 Sorry for the delay on this. Thanks for the suggestion @smirnov-tk, I will take a look.
