Slim CSRF session not found

lachieggg · August 12, 2021

I have a site set up with PHP and Slim CSRF, and everything was working until recently. Now, I've decided to locally test dockerizing my application, and the CSRF appears to be breaking my application.

I've got a bootstrap file in ./bootstrap/app.php which I will show here:

<?php

session_start();

use Respect\Validation\Validator as v;

use SlimCrf;

require __DIR__ . '/../vendor/autoload.php';

$app = new \Slim\App([
    'settings' => [
        'displayErrorDetails' => true,
        'db' => [
            'driver' => 'mysql',
            'host' => 'localhost',
            'database' => 'db',
            'username' => 'username',
            'password' => 'password',
            'charset' => 'utf8',
            'collation' => 'utf8_unicode_ci',
            'prefix' => '',
        ]
    ],
]);

$container = $app->getContainer();

$capsule = new \Illuminate\Database\Capsule\Manager;
$capsule->addConnection($container['settings']['db']);
$capsule->setAsGlobal();
$capsule->bootEloquent();

$container['db'] = function ($container) use ($capsule) {
    return $capsule;
};

$container['auth'] = function ($container) {
  return new \LoginApp\Auth\Auth($container);
};

$container['view'] = function ($container) {
    $view = new \Slim\Views\Twig(__DIR__ . '/../resources/views', [
        'cache' => false,
    ]);

    $view->addExtension(new \Slim\Views\TwigExtension(
        $container->router,
        $container->request->getUri()
    ));

    $view->getEnvironment()->addGlobal('auth', [
      'check' => $container->auth->check(),
      'user' => $container->auth->user(),
    ]);

    return $view;
};

$container['validator'] = function ($container) {
    return new LoginApp\Validation\Validator;
};

$container['csrf'] = function ($container) {
  $csrf = new \Slim\Csrf\Guard();
  $csrf->setPersistentTokenMode(true);
  return $csrf;
};

$app->add(new \LoginApp\Middleware\ValidationErrorsMiddleware($container));
$app->add(new \LoginApp\Middleware\OldInputMiddleware($container));
$app->add(new \LoginApp\Middleware\CsrfViewMiddleware($container));


// CSRF protection for Slim 3
$app->add($container->csrf);

require __DIR__ . '/../app/routes.php';

When I am running the application, I receive a page which I have attached.

It's strange that the session is not being found in this dockerized application, and makes me wonder whether some dependency updates have occurred, but I'm not sure why that would break things.

Here is my apache configuration:

<VirtualHost *:80>
     ServerAdmin admin@lachiegrant.io.com
     ServerName lachiegrant.io.com
     ServerAlias www.lachiegrant.io.com

     DocumentRoot /var/www/lachiegrant.io/public

     <Directory /var/www/lachiegrant.io/public>
         Options Indexes FollowSymLinks
         AllowOverride All
         Require all granted
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Thanks in advance.

Edited August 12, 2021 by lachieggg

requinix · August 12, 2021

Read the error messages.

The first one says that "use SlimCrf" is a pointless statement. It doesn't do anything.

The second one says that it couldn't session_start() because there was output. Which there was: the first error message.

What course of action do you think you should take?

lachieggg · August 12, 2021

Thanks. I've removed that "use SlimCrf" line and it worked.

Edited August 12, 2021 by lachieggg

Sign In

Slim CSRF session not found

Recommended Posts

lachieggg

Link to comment

Share on other sites

requinix

Link to comment

Share on other sites

lachieggg

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information