Starting from 4.1.28, Application::boot() does not initialize sensitive session data anymore. That is, it is accessible, but encrypted. So if you're integrating 3rd party library, which needs external authentification check through sessions, simple checking Auth::check() will not work. However, we can still use old $_SESSION variable. Examples of 3rd party libraries: CkFinder, elFinder (has Laravel package though), MoxieManager. N.B. If you can use Ajax calls for authorization checks, you can still make a custom API with JSON request to user-logged (as an example) to see if user is authentificated.

/* This one will not work - Auth::check() will always return false */
require __DIR__.'/../bootstrap/autoload.php';
$app = require_once __DIR__.'/../bootstrap/start.php';
$app->boot();
return Auth::check();

/* Session variables for Auth::check() to work are initialized only in $app->run() sequqnce */
/* But in that case, routing will take place and probably you will get unrecognized page */
/* ... unless you're using dedicated Laravel package for this */


/* This one - below - still works */

// Somewhere in your app - e.g. in filters.php, "auth"/"guest" filters declaration
if (session_id() == '') {
    @session_start();
    /* or Session:start(); */
}
$_SESSION['isLoggedIn'] = Auth::check() ? true : false;

// then in 3rd party library authentification check
if ( $_SESSION['isLoggedIn'] ) return true;

Stats

1 like
• 10241 views

Categories

• Session

Tags

• 4.1
• authentication