I am writing an application with Laravel Sanctum, using Breeze for user authentication and Vue 3 with Pinia. Login, registration, and logout seem to work correctly for me, but the problem is that every time I open the page and look in developer tools -> Application -> Cookies, I have the 2 necessary cookies, laravel_session and XSRF-TOKEN, but at the same time a cookie with an unknown name constantly appears, like this: dHOR0NO6MzU3oACai6PsW6rJdbcJ1XatVnlcytY3. This happens every time. Also, when calling a method that requires a CSRF token (something like this):

const getCsrfToken = async () => {
  if (!document.cookie.includes('XSRF-TOKEN')) {
    try {
      await axios.get('/sanctum/csrf-cookie');
    } catch (error) {
      console.error("Ошибка получения CSRF токена", error);
    }
  }
};

and then this method is called somewhere:

const login = async (email, password) => {
  try {
    await getCsrfToken(); // get the CSRF token
    await axios.post('/api/login', { email, password });
    await getUser(); // get the user information
  } catch (error) {
    console.error('Ошибка авторизации', error);
    throw error;
  }
};

If I do this, then every time I call the getCsrfToken method, 2 more of these incomprehensible cookies are created. This continues until I get error 431 in the browser, and after clearing the cookies, it disappears.

I seem to have configured everything as needed in the Laravel configuration files, but these cookies are still created. I changed this in the CORS file:

    'paths' => ['api/*', 'sanctum/csrf-cookie'],
    'allowed_methods' => ['*'],
    'allowed_origins' => [env('FRONTEND_URL', 'http://localhost:5173')],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,

I changed and added something in the .env file:

FRONTEND_URL=http://localhost:5173
SESSION_COOKIE=laravel_session
SANCTUM_STATEFUL_DOMAINS=localhost:5173
SESSION_DRIVER=cookie
SESSION_LIFETIME=120
SESSION_ENCRYPT=false
SESSION_PATH=/
SESSION_DOMAIN=localhost

I changed this in the session.php file:

'domain' => env('SESSION_DOMAIN', null),
'same_site' => env('SESSION_SAME_SITE', 'lax'),
'http_only' => env('SESSION_HTTP_ONLY', true),
'partitioned' => env('SESSION_PARTITIONED_COOKIE', false),
'cookie' => env(
    'SESSION_COOKIE',
    Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
),
'table' => env('SESSION_TABLE', 'sessions'),
'driver' => env('SESSION_DRIVER', 'cookie'),

I changed this in the sanctum.php file:

    'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', 'localhost:5173')),
    'guard' => ['web'],
    'expiration' => null,
    'token_prefix' => env('SANCTUM_TOKEN_PREFIX', ''),
    'middleware' => [
        'authenticate_session' => Laravel\Sanctum\Http\Middleware\AuthenticateSession::class,
        'encrypt_cookies' => Illuminate\Cookie\Middleware\EncryptCookies::class,
        'validate_csrf_token' => Illuminate\Foundation\Http\Middleware\ValidateCsrfToken::class,
    ],

In general, whatever I changed, it was all useless.

I also have the following code on the frontend in Pinia:

axios.defaults.baseURL = 'http://localhost:8000';
axios.defaults.withCredentials = true;
axios.defaults.withXSRFToken = true;

My getCsrfToken method is called in the login, register, and logout methods, as well as in a method that requires the user to be logged in under a certain role in order to add new data to the database. Each time I call one of these methods, a new cookie is created, which should not happen. I'm new to the backend, so don't judge me harshly. I hope for help.
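A diagnostic helper for the symptom in the question, added here as an example and not part of the original post. With `SESSION_DRIVER=cookie`, Laravel's cookie session handler writes the session payload into a cookie named after the 40-character session ID, which is the shape of the unknown cookie name above; HTTP 431 is "Request Header Fields Too Large". The function names, the sample header and the 8192-byte budget are assumptions; paste a `Cookie` request header copied from the Network tab, since `document.cookie` hides HttpOnly cookies.

```javascript
// Added example: audit a Cookie request header for the buildup described above.
const EXPECTED = new Set(['laravel_session', 'XSRF-TOKEN']);
// Laravel session IDs are 40 alphanumeric characters.
const SESSION_ID_NAME = /^[A-Za-z0-9]{40}$/;

// Split a Cookie request header into [name, value] pairs.
function parseCookies(header) {
  return header
    .split(';')
    .map((part) => part.trim())
    .filter(Boolean)
    .map((part) => {
      const eq = part.indexOf('=');
      return eq === -1 ? [part, ''] : [part.slice(0, eq), part.slice(eq + 1)];
    });
}

// Classify cookies and measure the header size sent with every request.
// limitBytes is an assumed budget; the real limit is set by the server.
function auditCookies(header, limitBytes = 8192) {
  const report = { expected: [], sessionIdNamed: [], other: [] };
  for (const [name] of parseCookies(header)) {
    if (EXPECTED.has(name)) report.expected.push(name);
    else if (SESSION_ID_NAME.test(name)) report.sessionIdNamed.push(name);
    else report.other.push(name);
  }
  report.bytes = new TextEncoder().encode(header).length;
  report.overBudget = report.bytes > limitBytes;
  return report;
}

// Constructed sample: the two expected cookies plus `extraCount` cookies
// with 40-character names and a 300-byte placeholder payload.
function buildSampleHeader(extraCount) {
  const parts = ['laravel_session=constructedSession', 'XSRF-TOKEN=constructedToken'];
  for (let i = 0; i < extraCount; i++) {
    parts.push(`${String(i).padStart(40, 'x')}=${'v'.repeat(300)}`);
  }
  return parts.join('; ');
}

console.log(auditCookies(buildSampleHeader(2)));
console.log(auditCookies(buildSampleHeader(30)).overBudget);
```

A growing `sessionIdNamed` list between requests shows that new session IDs are being issued while the older payload cookies are still being sent.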
