laravel-impersonate
Set remember me token expire date to 1 year
When you stop impersonating a user, the expire date of the remember token gets set to session.
This means that when you close the browser and the session ends, the remember me token is gone, and the user has to log in again (that is if the Laravel session expired). Setting the remember me token to a date will keep the remember token when the browser closes, and the user will still be logged in.
The expiration date is now hardcoded to 1 year, if a user would like to change this, he has no way of doing that. Perhaps it's a good idea to maybe add it to the config file or add a param to the leave method (with a default value).
Using config file in laravel-impersonate.php
/**
 * The expiration date in minutes for the remember me token after leaving an impersonation.
 * Default is 1 year.
 */
'remember_me_expiration' => 525600,
ImpersonateManager.php
$this->app['cookie']->queue($session[0], $session[1], config('laravel-impersonate.remember_me_expiration'));
Passing time through leave
// Changed line
public function leave(int $expireTime = 525600): bool
{
    try {
        $impersonated = $this->app['auth']->guard($this->getImpersonatorGuardUsingName())->user();
        $impersonator = $this->findUserById($this->getImpersonatorId(), $this->getImpersonatorGuardName());
        $this->app['auth']->guard($this->getCurrentAuthGuardName())->quietLogout();
        $this->app['auth']->guard($this->getImpersonatorGuardName())->quietLogin($impersonator);
        // Changed line
        $this->extractAuthCookieFromSession($expireTime);
        $this->clear();
    } catch (\Exception $e) {
        unset($e);
        return false;
    }
    $this->app['events']->dispatch(new LeaveImpersonation($impersonator, $impersonated));
    return true;
}

// Changed line
protected function extractAuthCookieFromSession(int $expireTime): void
{
    if (!$session = $this->findByKeyInArray(session()->all(), static::REMEMBER_PREFIX)->first()) {
        return;
    }
    // Changed line
    $this->app['cookie']->queue($session[0], $session[1], $expireTime);
    session()->forget($session);
}
Would you have a preference?
I think I would prefer the config file version, this isn't something that needs to be set on a case-by-case basis so a config value should work fine.
I agree, config would make more sense, I'll adjust the code.
Hi, any update on this?
I've occasionally run into this remember-token confusion. I hadn't investigated, but it looks like your proposal probably solves that. Thanks for that.
One year is probably fine.
Perhaps there's value in simply checking what the intended guard's "forever" length is set to, and using that?
The default "forever" length for Laravel 9+ is 400 days (per standards). (Prior to that it was 5 years.): https://github.com/laravel/framework/pull/43806 https://github.com/laravel/framework/pull/44026
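An added example, not code from this pull request or from laravel-impersonate: one way to validate the proposed `remember_me_expiration` value before it reaches the cookie queue, so that a missing or zero setting does not quietly bring back the session-only cookie and an oversized one is capped at the 400-day "forever" length mentioned above. The function name, the constants and the sample values are hypothetical; it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helper for illustration; these names are not part of the package.
const DEFAULT_REMEMBER_MINUTES = 525600; // 1 year, the default proposed in this thread
const MAX_REMEMBER_MINUTES     = 576000; // 400 days, the "forever" length cited above

/**
 * Turn a raw config value into a remember-me cookie lifetime in minutes.
 *
 * Missing, non-integer, zero or negative values fall back to the default:
 * a lifetime of 0 would produce a session cookie again, which is the
 * behaviour this change is meant to remove. Larger values are capped.
 */
function resolveRememberMinutes(mixed $configured): int
{
    // Accepts ints and integer strings (e.g. from env()); everything else is false.
    $minutes = filter_var($configured, FILTER_VALIDATE_INT);

    if ($minutes === false || $minutes <= 0) {
        return DEFAULT_REMEMBER_MINUTES;
    }

    return min($minutes, MAX_REMEMBER_MINUTES);
}

// Constructed sample values, as they might arrive from config() or env().
foreach ([null, 0, -5, '43200', 525600, 9999999, 'forever'] as $raw) {
    printf("%-10s => %d minutes\n", var_export($raw, true), resolveRememberMinutes($raw));
}
```

With the config-file variant, the result of `resolveRememberMinutes(config('laravel-impersonate.remember_me_expiration'))` would be what gets passed as the third argument to the cookie queue call.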