Session data getting lost on using TokenRedirect about laravel-shopify HOT 31 CLOSED

@talkwithdeveloper it's not been looked at by myself in much detail yet. It's on my long list of things and being an issue on blade templates I don't actively see it because I mainly use this package as an SPA.

When I did take out an hour to look at it, I can confirm the session was lost but I followed through using xDebug and couldn't pin point the issue at the time.

I'm hoping someone else can take a deeper look, preferably someone who uses blade like yourself and open a PR, otherwise it will just have to wait until I get to it on my to-do list.

from laravel-shopify.

from laravel-shopify.

@kashif-sol This package is stable, enough for me to be able to run three Shopify apps successfully using it. I am however only one coding human, so I can't fix all bugs as soon as they come up and try to prioritise the urgent ones that would effect an app from loading.

Any package is going to have bugs, like all software on the internet. You are free to use Shopify's packages if you wish, that choice is yours and yours alone.

Please refrain from unnecessary spam comments like "close the package" etc as it is just not constructive or helpful.

Hope you have a good day and happy coding.

from laravel-shopify.

@Kyon147 I don't have a solution to this issue, but I think I understand at least part of what might be happening.

When we're running an embedded app in the Shopify admin, Shopify essentially forces us to hand over management of the user login session to the Shopify admin. So on every request, the VerifyShopify class checks with Shopify to make sure the user is still logged in on the Shopify side. However, on the Laravel side, we get a new Laravel session every pageload, because there's nothing that ties the Shopify session token to the Laravel session ID.

I'm using the verify.shopify middleware to handle my Shopify login persistence.

I was able to verify that I am getting a brand new Laravel session every pageload by logging session()->getId() after $this->auth->login($shop) in VerifyShopify::loginShopFromToken() which is running on each pageload. While the Laravel session ID changes with each pageload (and creates a new entry in my sessions table in the database), the Shopify session token remains constant ($context->getSessionToken()->toNative()) across pageloads (at least until it expires - see below), but unique to my Shopify admin login session.

So it seems that the missing piece here is some sort of lookup table to tie together the Shopify session to the Laravel session, so we can reuse the same Laravel session based on the Shopify session. The other tricky bit is probably that Shopify's session tokens have a lifetime of only one minute.

I do see that loginShopFromToken() seems to have the ability to accept a session= query string parameter from the request to set a session ID, but that parameter seems to always be null for me. And unless I'm missing it, I don't think that session ID is being used in the package to link to a Laravel session to persist Laravel session data across pageloads.

It's totally possible that there's user error on my part somewhere, but if so I hope documenting what I'm seeing here might help someone else out.

from laravel-shopify.

@Kyon147 can you confirm this bug, if possible?

from laravel-shopify.

A quick google search has return this https://laravel.com/docs/master/session#flash-data

Has your tried this method? To see if it works as an alternative?

from laravel-shopify.

A quick google search has return this https://laravel.com/docs/master/session#flash-data

Has your tried this method? To see if it works as an alternative?

No this doesn't. Also, I tried on a non shopify route with normal redirect and it works fine as expected. Session data is retained on that.

from laravel-shopify.

A quick google search has return this https://laravel.com/docs/master/session#flash-data
Has your tried this method? To see if it works as an alternative?

No this doesn't. Also, I tried on a non shopify route with normal redirect and it works fine as expected. Session data is retained on that.

Can you send me what you did that worked?

from laravel-shopify.

@Kyon147

I mean if you just do this:

  session([
            'data'=> 'hello'
        ]);
        return Redirect::to('/some-route');

On wiritng the logic of some-route just do:

dd(session()->all());

You would see it would work as expected, the session would be retained.

from laravel-shopify.

@talkwithdeveloper I can confirm using the token redirect, the session is lost.

I had a quick look at the cause but could not narrow anything down at the moment. I won't have a lot of time for the next week - so if you can help debug this issue it would be helpful.

If you find a solution, open a PR and I'll take a look.

from laravel-shopify.

@talkwithdeveloper I can confirm using the token redirect, the session is lost.

I had a quick look at the cause but could not narrow anything down at the moment. I won't have a lot of time for the next week - so if you can help debug this issue it would be helpful.

If you find a solution, open a PR and I'll take a look.

Sure I would try my best to narrow it ASAP.

from laravel-shopify.

how to send data from post method using tokenRoute in laravel,
get method is working properly, please tell about the post form data @Kyon147 @talkwithdeveloper

from laravel-shopify.

Session data is being lost at the moment, as this ticket is still unresolved.

Feel free to open a PR with a solution if you find one.

from laravel-shopify.

Hi any updates on this one?

from laravel-shopify.

It's still a pretty relevant issue... its solution would help a lot

from laravel-shopify.

Hey @michaellehmkuhl

That's some good investigation, and really useful.

Yeah the session is coming off the back of the JWT token authentication which lasts one minute as you say. I'll have a think about how we could potentially keep session data for longer - it could be refactoring the way loginShopFromToken works or another route.

Appreciate you taking the time to delve into this a bit more.

from laravel-shopify.

Hey @michaellehmkuhl

That's some good investigation, and really useful.

Yeah the session is coming off the back of the JWT token authentication which lasts one minute as you say. I'll have a think about how we could potentially keep session data for longer - it could be refactoring the way loginShopFromToken works or another route.

Appreciate you taking the time to delve into this a bit more.

But I tried to find on how the Redirector class' originally works and it retains the session.

from laravel-shopify.

@SachinBahukhandi So normal redirects keep session, but the tokenRedirect is not?

from laravel-shopify.

@SachinBahukhandi So normal redirects keep session, but the tokenRedirect is not?

Strange but true.

from laravel-shopify.

I used this package to generate the backtrace:

from laravel-shopify.

In my case, I'm not able to persist a Laravel session at all. Each request initiates a new Laravel session (using v18.0.1, by the way).

from laravel-shopify.

I'll spend a little bit of time this weekend looking into it, thanks for all your research and notes.

from laravel-shopify.

I'll spend a little bit of time this weekend looking into it, thanks for all your research and notes.

Any updates on this one? If someone could help with the development I would do the rest of the things! Much appreciate the help in advance!

from laravel-shopify.

Any updates on this? I am also unable to get the session values which i stored. I have also removed verify.shopify middleware to test.
I have laravel version 8 with ossiset package.
And also starnge thing is happening with me is. When i am login in with laravel login blade after redirecting the shopify user is returned not the laravel logged in user. Also tried applying auth Middleware but then it will not redirect to Dashboard page.
Hope any can help me.

from laravel-shopify.

I'm still investigating this at the moment but not had a lot of time to really dive into it.

In terms of your issue @CodaemonHaroon you have to use the verify.shopify middleware otherwise you won't get the logged in shop. It is mandatory on all routes that you want to get current Shop data or api calls.

Redirect wise I am not sure what your issue is but check you are passing the host param.

from laravel-shopify.

Hi everyone,

I think I have found the issue, it is actually down to the browsers and the secure cookie polices now. I remember us having this issue before JWT was implemented.

You have to make sure the laravel app has the correct session cookie setting inside session.php

To get it to work I had to change these values.

Secure has to be true
'secure' => env('SESSION_SECURE_COOKIE', true),

Same site needs to be none
'same_site' => 'none',

APP_URL has to be the correct url set to the app you are loading.

Most important of all, you have to be on https chrome and other browsers no longer allow insecure cookies being set even when you set secure to none it seems.

All these now meant I could use Session::falsh() to save a message. Session::put() also worked to save data across the pages.

Before

After on new page after deleing and setting the flash message.

from laravel-shopify.

Closing this now as multiple tests are working for me, but can re-open if the issue comes back.

from laravel-shopify.

@Kyon147, hello i have installed latest version of the package for this, created a fresh setup. the App is installed successfully.
php => 8.1
laravel => 8
"kyon147/laravel-shopify": "^19.0"
I am setting the session but it is not coming on the other controller.

use Illuminate\Support\Facades\Session;
USED THESE below code of line to set sessions.
$request->session()->put('username', $user->username);
Session::flash('shop_user', 'abc');
Session::put('username', 'xyz');
$request->session()->push('username', 'xyz');
FOR Accessing
Session::get('username')
BUT NO LUCK

I have made the changes in config/session.php file as you said.

from laravel-shopify.

@CodaemonHaroon as it is a cookie / browser issue and not a package issue there might be other things with your set up or code or even the browser that might require changing or additional updates.

I've confirmed myself that it's not a package issue and provided the most likely steps to resolve the issue.

If you need specific help, outside it being an issue with the package which I know believe it is not as I can get it working. Can you provide more information on your set up in our Discord.

Someone or myself can then look at it when free to do so.

Update:
To give a bit of insight.

You have to make sure that the session cookie is staying the same.

If it changes then for some reason the app is unable to set the cookie and a new session is created each time in Laravel.

Also, is this a local app, is it on a server. Are you on http or HTTPS? There's a lot of variables to consider.

from laravel-shopify.

@Kyon147 Hello, can you please help/provide me the code for how to set the Session and use across my all blades files while redirecting.

from laravel-shopify.

@CodaemonHaroon have you check this PR which another user has fixed the issue #133

Try adding the code from the PR mentioned to pass along the host, then sort out the cookies for the app and see if that solves the issue.

The PR for the host in @sessionToken will be deployed this week properly.

from laravel-shopify.