I use database sessions and user tokens.
When a user logs in, I send back the session_token (which I stored in the sessions table and also on the users table as the user_token field). So every time a user logs in, they get a new token, and the session will expire after 30 min.
For every request, I make sure that the session is still active and the token belongs to the user_id that is sending the request. I also record the user IP on the users table when the user logs in and validate it against the request.
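The per-request checks described in the post above, as an added example that is not part of the original post or the poster's code. It assumes a single `sessions` table in an in-memory SQLite database (via `pdo_sqlite`), hypothetical function and column names, one active session per user, and storage of only a SHA-256 hash of the token, which is a hardening choice the post does not mention.

```php
<?php
// Added example, not code from the thread. Table and column names are assumed.
const SESSION_TTL = 1800; // 30 minutes, as stated in the post

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY,
               user_id INTEGER, ip TEXT, expires_at INTEGER)');
    return $db;
}

// Login: issue a fresh random token; only its SHA-256 hash is stored.
function issueToken(PDO $db, int $userId, string $ip, int $now): string {
    $token = bin2hex(random_bytes(32));
    // Assumption: one active session per user, so a new login replaces the old token.
    $db->prepare('DELETE FROM sessions WHERE user_id = ?')->execute([$userId]);
    $db->prepare('INSERT INTO sessions VALUES (?, ?, ?, ?)')
       ->execute([hash('sha256', $token), $userId, $ip, $now + SESSION_TTL]);
    return $token;
}

// Every request: session still active, token belongs to user_id, IP matches login IP.
function validateRequest(PDO $db, string $token, int $userId, string $ip, int $now): bool {
    $hash = hash('sha256', $token);
    $stmt = $db->prepare('SELECT user_id, ip, expires_at FROM sessions WHERE token_hash = ?');
    $stmt->execute([$hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown token
    }
    if ((int) $row['expires_at'] <= $now) {
        // Expired: delete the row so the token cannot be reused.
        $db->prepare('DELETE FROM sessions WHERE token_hash = ?')->execute([$hash]);
        return false;
    }
    return (int) $row['user_id'] === $userId && hash_equals((string) $row['ip'], $ip);
}

// Constructed sample run (user id, addresses and timestamps are made up).
$db = openDb();
$t0 = 1700000000;
$token = issueToken($db, 7, '203.0.113.10', $t0);
var_dump(validateRequest($db, $token, 7, '203.0.113.10', $t0 + 60));          // valid request
var_dump(validateRequest($db, $token, 8, '203.0.113.10', $t0 + 60));          // wrong user_id
var_dump(validateRequest($db, $token, 7, '198.51.100.5', $t0 + 60));          // different IP
var_dump(validateRequest($db, $token, 7, '203.0.113.10', $t0 + SESSION_TTL)); // expired
```

Binding a session to the login IP also rejects legitimate users whose address changes mid-session, for example on mobile networks, so that check trades availability for a narrower replay window.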
extjac said:
I use database sessions and user tokens.
When a user logs in, I send back the session_token (which I stored in the sessions table and also on the users table as the user_token field). So every time a user logs in, they get a new token, and the session will expire after 30 min.
For every request, I make sure that the session is still active and the token belongs to the user_id that is sending the request. I also record the user IP on the users table when the user logs in and validate it against the request.
I don't understand how you auth a user if he came from another domain?
Have a look at these videos: https://www.udemy.com/laravel-5-php-framework-agile-and-practical-php-restful-api/?dtcode=hjsZQFF39ekB#/lecture/3051110
or this https://github.com/barryvdh/laravel-cors
or this https://laracasts.com/discuss/channels/requests/laravel-5-cors-headers-with-filters
or this https://github.com/lucadegasperi/oauth2-server-laravel