mikebronner/laravel-caffeine

Forms still expire

Closed this issue · 21 comments

Expected Behavior

Forms still alive

Actual Behavior

They expire

Details

Using the middleware method, all the drips get 204, no problem so far. The only thing I noted is that after the session time expiration, the XSRF-TOKEN cookie being sent for the drip disappears.

It seems that Laravel doesn't want to maintain the token session alive in the form even if the drips are correctly sent and responded.

Already removed and reinstalled Caffeine and dumped the autoload just to be sure.

Workaround

Using Axios, I made a normal get to the form located at axios.get('https://myapp.test/login'), and the token lives through the timeout. But using axios to the default dripping route doesn't.

It would seem that Laravel session enforces the current URL, but using get on other routes of the application (like axios.get('https://myapp.test/artist/michael-jackson/albums/all')) also keeps them alive.

See updates.

Environment

  • PHP Version: 7.2.4
  • NGINX: 1.12.2
  • Laravel Version: 5.6
  • LaravelCaffeine Version: 0.6.8

Stack Trace

Unavailable.

Update 2:

Removed Caffeine. Went to web.php and added my own drip route:

Route::get('/drip-route', function() {
    return response(null, 204);
});

Then I made a GET with Axios to that point (which includes a CSRF token in the meta), and the form didn't expire.

Back to installing caffeine and see where the chain fails.

Update 3 (This is weird)

Installed Caffeine, everything default.

I deleted the route declaration in /routes/web.php of this package:

// Route::get($dripRoute, Drip::class.'@drip');

Then I added the default route in my web.php, at root.

Route::get('/genealabs/laravel-caffeine/drip', function() {
    return response(null, 204);
});

Success. Forms don't expire.

But it won't work if the route is declared using the web.php of this package. That means that something is interfering with the route that Caffeine is declaring, but at a glance everything is clean.

But...

Moving the same code I added in my web.php to the route/web.php package gives the same problem:

// Route::get($dripRoute, Drip::class.'@drip');

Route::get('/genealabs/laravel-caffeine/drip', function() {
    return response(null, 204);
});

With this, forms still expire.

Hi guys, thanks for reporting this. I will check this out soon -- I'm currently swamped with work, but hope to get to it over the weekend.

I've also encountered this issue (or something very similar).

PHP Version: 7.2.7
NGINX: nginx/1.14.0 (Ubuntu)
Laravel Version: 5.6
LaravelCaffeine Version: ^0.6.11

I noticed that the session was still expiring on an idle form and research led me here. After trying the workaround of creating a route in my web.php file to catch the drip requests, the session is no longer expiring.

From the network tab on Chrome devtools the only difference I can see is that when the drips are handled by the overridden route the following response headers get sent:

Set-Cookie: XSRF-TOKEN={snip}; expires={snip}; Max-Age=7200; path=/
Set-Cookie: {snip}_session={snip}; expires={snip}; Max-Age=7200; path=/; httponly

When the default route handles the drip those response headers are absent. Everything else looks identical though.

I'm up and running with the overridden route entry though so thanks for posting that workaround!

@s21825 @ItaloBC Please add this bit of code to your form page, and let me know what the output is:

<?php dd(php_sapi_name()); ?>

This is what I get:

"fpm-fcgi"

@s21825 that should work. Can you try the latest update from today and see if the problem still persists? I tried with a new Laravel project and it worked. If it still doesn't work for you, can you post a link to a repo that reproduces the error? Thanks!

I just did a quick test by setting my session lifetime to 6 minutes with the default drip interval of 5 minutes. After three drips I still had an active session. So it appears to be working as expected with the latest version. I'll leave things idle for a few hours and check again but so far so good! Thanks for following up.

After further investigation, the session is still expiring with the new release. I'll have to see if I can put together a public project to share with the issue present as I am not able to share my current project.

Same problem here.

So I tested by adding the drip route in my web.php file and this is working too.

I compared the two cases by doing php artisan route:list and there is a difference: in my web.php the route is using the web middleware, but when it is in the plugin there is no middleware used.

I don't know why yet but it explains the problem: without the web middleware, the Laravel session middleware is not triggered.

@MoogyG can you also run this command in your blade view with your form, and report back with the result:

<?php dd(php_sapi_name()); ?>

"fpm-fcgi"

I am using laradock on ubuntu 16.04.

Found something: php dd($this->middlewareGroupExists('web')); gives me false in the boot method of your provider.

I am using Dusk, which hard-codes the web middleware in its service provider, and Horizon, which uses a config file for that.

Why are you checking web middleware presence?

@MoogyG that needs to be checked for backward compatibility. The command I provided above directly relates to that middleware check, but yours shouldn't be reporting false. Can you follow the chain and see what line of code causes it to be false on your system?

Thanks!

$routes = collect(app('router')->getRoutes()->getRoutes());
dd($routes);

only reports "barryvdh/laravel-debugbar" routes that are not using the web middleware.

Is there a problem with Laravel auto package discovery? If you are the first service loaded, you can't see other routes. I don't think it's a good way.

By any chance are you using route closures? Also, would you mind pasting your routes/web.php file content here? Thanks!

No route closures until I wrote this to test:

Route::get( 'caffeine/drip', function() { return response(null, 204); });

And I am not authorized to do that.

Any updates here? I have the same issue: the package is still dripping but the session still keeps expiring.

Laravel 5.8, same issue: middlewareGroupExists returns false because $routes = collect(app('router')->getRoutes()->getRoutes()); is an empty array.

Same here.
Why don't you use hasMiddlewareGroup function of the Router if it is available? It's 5.4+
And it can see my 'web' group
Laravel API
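
Added example (not part of the thread and not laravel-caffeine's own code): a diagnostic for the cause reported above, where the drip route is registered without the web middleware group, so the session middleware never runs and the drip response carries no Set-Cookie headers. The function name inspectDripRoute is hypothetical, and the URI is the default drip route quoted in the thread.

```php
<?php
// Added diagnostic, not part of laravel-caffeine. Run it inside a booted
// Laravel app (for example from `php artisan tinker` or a feature test).
// Assumption: the drip route is the default URI quoted in the thread.

use Illuminate\Http\Request;
use Illuminate\Routing\Router;
use Illuminate\Session\Middleware\StartSession;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

/**
 * Report whether a GET to $uri passes through the session middleware.
 * inspectDripRoute is a hypothetical helper name.
 */
function inspectDripRoute(Router $router, string $uri): array
{
    try {
        // Resolve the route exactly as an incoming drip request would.
        $route = $router->getRoutes()->match(Request::create($uri, 'GET'));
    } catch (NotFoundHttpException $e) {
        return ['registered' => false];
    }

    // Names as declared on the route, e.g. ['web'] or [] when no group is attached.
    $declared = $route->gatherMiddleware();

    // Groups expanded to concrete middleware, so 'web' becomes StartSession etc.
    $resolved = $router->gatherRouteMiddleware($route);

    return [
        'registered'        => true,
        // The Router method suggested in the thread (Laravel 5.4+).
        'web_group_defined' => $router->hasMiddlewareGroup('web'),
        'declared'          => $declared,
        // StartSession is what re-issues the session cookie on each response.
        'starts_session'    => in_array(StartSession::class, $resolved, true),
    ];
}

print_r(inspectDripRoute(app('router'), '/genealabs/laravel-caffeine/drip'));
```

If starts_session is false while web_group_defined is true, the drip requests return 204 without refreshing the session, which matches the missing Set-Cookie headers described earlier in the thread.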

@smirnov-tk @mazen1985 @MoogyG @liyu001989 Sorry for the delay on this. Thanks for the suggestion @smirnov-tk, I will take a look.

@smirnov-tk @mazen1985 @MoogyG @liyu001989 I finally got around to updating the code with @smirnov-tk's suggestion. Please try release 0.8.2 or newer and let me know how it works.