ycs77 / laravel-recover-session
Recover Laravel session when form post back from third-party API.
Requires
- php: >=8.1
- illuminate/cache: >=9.0
- illuminate/config: >=9.0
- illuminate/contracts: >=9.0
- illuminate/encryption: >=9.0
- illuminate/http: >=9.0
- illuminate/session: >=9.0
- illuminate/support: >=9.0
- symfony/http-foundation: >=6.0
Requires (Dev)
- mockery/mockery: ^1.4
- orchestra/testbench: >=7.0
- pestphp/pest: ^2.6
README
Installation
Via Composer:
composer require ycs77/laravel-recover-session
Publish config:
php artisan vendor:publish --tag=recover-session-config
Usage
Currently, the default value for Laravel's Cookie SameSite is set to Lax. With Lax, the browser does not send cookies on a form post that crosses between domains. As a result, after completing a payment and being redirected back to the original website, the user appears to be automatically logged out because the original login cookie cannot be retrieved. This package fixes that.
Now you need to call RecoverSession::preserve() to save the current session ID into cache, and put the key in your callback URL, so that the current session can be resumed after the API returns with the key:

```php
use Ycs77\LaravelRecoverSession\Facades\RecoverSession;

public function pay(Request $request)
{
    $key = RecoverSession::preserve($request);

    ThirdPartyApi::callbackUrl('/pay/callback?sid='.$key);

    // post form to third-party API...
}
```
This package will automatically retrieve the encrypted session ID from the callback URL and recover the original session state when the user returns to this site.
Reference details for SameSite: https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
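The preserve-then-recover flow described above, as an added standalone sketch that is not the package's own code. A plain in-memory array stands in for the Laravel cache, and the class name, the random key, the expiry and the single-use rule are assumptions of this sketch rather than documented behaviour of the package.

```php
<?php
// Added illustration, not the package's code. SessionRecoveryStore, the TTL
// and the single-use rule are assumptions of this sketch.
final class SessionRecoveryStore
{
    /** @var array<string, array{sid: string, expires: int}> Stand-in for the cache. */
    private array $cache = [];

    public function __construct(private int $ttlSeconds = 600) {}

    /** Save the session ID under an unguessable key; the key goes in the callback URL. */
    public function preserve(string $sessionId, ?int $now = null): string
    {
        $key = bin2hex(random_bytes(32)); // 256 bits of randomness, URL-safe hex
        $this->cache[$key] = [
            'sid' => $sessionId,
            'expires' => ($now ?? time()) + $this->ttlSeconds,
        ];
        return $key;
    }

    /** Return the saved session ID once; null if the key is unknown, reused or expired. */
    public function recover(string $key, ?int $now = null): ?string
    {
        $entry = $this->cache[$key] ?? null;
        unset($this->cache[$key]); // single use: a replayed callback URL recovers nothing
        if ($entry === null || ($now ?? time()) > $entry['expires']) {
            return null;
        }
        return $entry['sid'];
    }
}

// Constructed sample values; $now is injected so the expiry check is deterministic.
$store = new SessionRecoveryStore(ttlSeconds: 600);
$key = $store->preserve('constructed-session-id', now: 1_000);
echo '/pay/callback?sid=' . $key, PHP_EOL;

$checks = [
    'first use returns the session' => $store->recover($key, now: 1_100) === 'constructed-session-id',
    'replayed key is rejected' => $store->recover($key, now: 1_200) === null,
    'unknown key is rejected' => $store->recover('not-a-real-key', now: 1_100) === null,
    'expired key is rejected' => $store->recover(
        $store->preserve('constructed-session-id', now: 1_000), now: 2_000) === null,
];
foreach ($checks as $label => $ok) {
    echo ($ok ? 'ok   ' : 'FAIL ') . $label, PHP_EOL;
}
```

Because the value in the callback URL is enough to resume a logged-in session, it can end up in access logs and browser history; a short lifetime and one-time use limit what a leaked URL is worth.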
Local Middleware
If you don't use the global recover session, you can set the config recover-session.global to true, and adjust the order of the middleware so that RecoverSession is placed below StartSession. By default, Laravel's Kernel does not have the $middlewarePriority property. You can find it in the Laravel Framework or copy the code below and paste it into app/Http/Kernel.php:
```php
class Kernel extends HttpKernel
{
    /**
     * The priority-sorted list of middleware.
     *
     * Forces non-global middleware to always be in the given order.
     *
     * @var string[]
     */
    protected $middlewarePriority = [
        \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
        \Illuminate\Cookie\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Ycs77\LaravelRecoverSession\Middleware\RecoverSession::class, // need to place `RecoverSession` below `StartSession`
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \Illuminate\Contracts\Auth\Middleware\AuthenticatesRequests::class,
        \Illuminate\Routing\Middleware\ThrottleRequests::class,
        \Illuminate\Routing\Middleware\ThrottleRequestsWithRedis::class,
        \Illuminate\Contracts\Session\Middleware\AuthenticatesSessions::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \Illuminate\Auth\Middleware\Authorize::class,
    ];
}
```
Finally, you can add the RecoverSession middleware to the callback route for the API:

```php
use Ycs77\LaravelRecoverSession\Middleware\RecoverSession;

Route::post('/pay/callback', [PaymentController::class, 'callback'])
    ->middleware(RecoverSession::class);
```