Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP PHP User Authentication Adding Authentication to Your Application Require Authentication

Justin Sorensen
Justin Sorensen
14,734 Points
Posted by Justin Sorensen
Justin Sorensen
14,734 Points

isAuthenticated is not working for me, at least it does not seem to be holding cookies in the browser.

I am not abled to get isAuthenticated to work, therefore I am not able to set the cookie in the browser. I am double checking that a new user is add to the database when I register, but the cookie, set by the JWT is not setting the access_token. I also downloaded the latest files to check to see if it's just me and the cookie is not working with the downloaded files either. Specifically request()->cookies->has('access_token') returns false. I am using Google Chrome on Macbook OSX Sierra, and I have a php -S localhost:8000 connection going. Not sure if any of that matters, but is it possible that somehow I'm unable to see cookies locally? Anyone have any clue?

Alessandro Prampolini
Alessandro Prampolini
Courses Plus Student 10,714 Points
Alessandro Prampolini
Alessandro Prampolini
Courses Plus Student 10,714 Points

It seems that the problem is that the Obj returned from Response->Cookie has all variables sets to protected, so it is impossible to reach those and mange them inside an array. Is it right Alena Holligan ?

7 Answers

Justin Sorensen
Justin Sorensen
14,734 Points
Justin Sorensen
Justin Sorensen
14,734 Points

Anton Starkov, well wouldn't you know, I left everything the same as the project has it, but for the domain, I got rid of my cookie domain port number alltogether. So with the following cookie domain set, when working locally on this project, you should not receive an error and you should in fact see an 'access_token' being set.

My .env file:

SECRET_KEY=7B55C0029BE83CCD50960C81E26BD1130E70B606818B22089B7B5215F072077F
COOKIE_DOMAIN=localhost

And in the head of my index.php file:

<?php
require_once __DIR__ . '/inc/bootstrap.php';

//print out request to verify 'access_token' is set:
print '<pre>';
echo request();
print '</pre>';
//notify home page that we are logged in:
if (request()->cookies->has('access_token')) {
    echo "logged in";
}

Alena Holligan

Justin Sorensen
Justin Sorensen
14,734 Points
Justin Sorensen
Justin Sorensen
14,734 Points

Does anyone else have a solution to this caching issue? Please reach out to me if you do have a solution where request()->cookies->has('access_token') does not return false. I have reached out to the instructors of this course and they have failed to respond after a weeks time. In fact this always seems to be the case with Treehouse instructors. I don't think it's a fair solution to say "if you can't get cookies to work, then just use sessions," [paraphrased] in this course. Why present cookies in the first place? In any case I'm hoping someone out there has a solution.

Anton Starkov
Anton Starkov
5,215 Points
Anton Starkov
Anton Starkov
5,215 Points

I don't know if this helps, but try checking your COOKIE_DOMAIN inside of .env file. At first I wasn't sure what the domain path should be as I also work locally (although on Windows), but then I just set COOKIE_DOMAIN=localhost and everything worked. I've found out that the paths in general can get a bit tricky, i.e. when your DocumentRoot is not the same as your project root - in this case you need to re-validate all the hrefs and whatnot in the project files (:

Justin Sorensen
Justin Sorensen
14,734 Points
Justin Sorensen
Justin Sorensen
14,734 Points

Hey Anton Starkov I have my COOKIE_DOMAIN set to localhost:8000/. I dont know if you included the port or not, but maybe I need to omit that part? Are you saying that you are seeing that request()->cookies->has('access_token') does not return false for you? Thanks.

Anton Starkov
Anton Starkov
5,215 Points
Anton Starkov
Anton Starkov
5,215 Points

If you want to make sure if it is really COOKIE_DOMAIN that is the problem, you can disable it by actually not passing getenv('COOKIE_DOMAIN') when instantiating Symfony\Component\HttpFoundation\Cookie:

$accessToken = new Symfony\Component\HttpFoundation\Cookie(
        'access_token',
        $jwt,
        $expTime,
        '/'
        //getenv('COOKIE_DOMAIN')
);

Inside my .env I don't have my port included, but I don't have it showing in the url either. If i specify the port (localhost:80), access token does not work any longer. If previous step got request()->cookies->has('access_token') to return true for you, I would suggest removing the slash at the end of localhost:8000/ or maybe even port and slash altogether.

Joshua Hardy
Joshua Hardy
17,317 Points
Joshua Hardy
Joshua Hardy
17,317 Points

I just completed the php user authentication course. For the project that I am working on, which is my first project, I decided that I would include a session file (session_start();) instead of using cookies. I decided that sessions was the better of the two options for my project due to ease of programming as well as other factors. If cookies is too complex, I would suggest considering doing the same.

Justin Sorensen
Justin Sorensen
14,734 Points
Justin Sorensen
Justin Sorensen
14,734 Points

Hey Joshua, I've reached out to the teachers of this course- hoping to get a reply from them as well. I'd like to get cookies working, but in this case I'm glad you have a solution. Would you mind sharing your session file with me? I'm a bit unsure how to get that rolling if it's any different from what we did in this course.

Thanks, Justin

Joshua Hardy
Joshua Hardy
17,317 Points
Joshua Hardy
Joshua Hardy
17,317 Points

Keep in mind that this is my first php program to build, I have decided to keep it simple. The code is below:

<?php session_start(); ?>

My project is in the beginning of the developmental stage. I could have added a session_destroy or unset to end the session, but I was not concerned with it at this stage. Once I get the project further developed, then I will more than likely go back and add more to it.

Thandolwenkosi Sibanda
Thandolwenkosi Sibanda
5,588 Points

Hie..Im also havng the same problem with the-- request()->cookies->has('access_token') did you get any solution from the instructors regarding the cookies.If so may you kindly share..The solution would be much appreciated..i have been stuck on the section for a couple of days now.

Thandolwenkosi Sibanda
Thandolwenkosi Sibanda
5,588 Points
Thandolwenkosi Sibanda
Thandolwenkosi Sibanda
5,588 Points

I found the solution---the problem was with the browser that i was using (EDGE) so avoid it like the plague...when using cookies

Brian Ball
Brian Ball
23,661 Points
Brian Ball
Brian Ball
23,661 Points

I had trouble logging out and found that the paths in my cookie creation & deletion were off by a "/ "

I.e. since I wasn't developing this at the root, I put it in a subdirectory /books When I created the cookie, I created it at the $path of /books

When I tried to doLogout -- the cookie was expiring at the path /books/ <--- notice that trailing slash. That was breaking the whole thing.

When I made sure the creation of the cookie and then creating a new cookie with negative time did so on the same path, the problem of not being able to logout was solved.