Jump to content

Slim CSRF session not found


lachieggg
Go to solution Solved by requinix,

Recommended Posts

I have a site set up with PHP and Slim CSRF, and everything was working until recently. Now, I've decided to locally test dockerizing my application, and the CSRF appears to be breaking my application.

I've got a bootstrap file in ./bootstrap/app.php which I will show here:
 

<?php

session_start();

use Respect\Validation\Validator as v;

use SlimCrf;

require __DIR__ . '/../vendor/autoload.php';

$app = new \Slim\App([
    'settings' => [
        'displayErrorDetails' => true,
        'db' => [
            'driver' => 'mysql',
            'host' => 'localhost',
            'database' => 'db',
            'username' => 'username',
            'password' => 'password',
            'charset' => 'utf8',
            'collation' => 'utf8_unicode_ci',
            'prefix' => '',
        ]
    ],
]);

$container = $app->getContainer();

$capsule = new \Illuminate\Database\Capsule\Manager;
$capsule->addConnection($container['settings']['db']);
$capsule->setAsGlobal();
$capsule->bootEloquent();

$container['db'] = function ($container) use ($capsule) {
    return $capsule;
};

$container['auth'] = function ($container) {
  return new \LoginApp\Auth\Auth($container);
};

$container['view'] = function ($container) {
    $view = new \Slim\Views\Twig(__DIR__ . '/../resources/views', [
        'cache' => false,
    ]);

    $view->addExtension(new \Slim\Views\TwigExtension(
        $container->router,
        $container->request->getUri()
    ));

    $view->getEnvironment()->addGlobal('auth', [
      'check' => $container->auth->check(),
      'user' => $container->auth->user(),
    ]);

    return $view;
};

$container['validator'] = function ($container) {
    return new LoginApp\Validation\Validator;
};

$container['csrf'] = function ($container) {
  $csrf = new \Slim\Csrf\Guard();
  $csrf->setPersistentTokenMode(true);
  return $csrf;
};

$app->add(new \LoginApp\Middleware\ValidationErrorsMiddleware($container));
$app->add(new \LoginApp\Middleware\OldInputMiddleware($container));
$app->add(new \LoginApp\Middleware\CsrfViewMiddleware($container));


// CSRF protection for Slim 3
$app->add($container->csrf);

require __DIR__ . '/../app/routes.php';


When I am running the application, I receive a page which I have attached.

It's strange that the session is not being found in this dockerized application, and makes me wonder whether some dependency updates have occurred, but I'm not sure why that would break things.

Here is my apache configuration:
 

<VirtualHost *:80>
     ServerAdmin admin@lachiegrant.io.com
     ServerName lachiegrant.io.com
     ServerAlias www.lachiegrant.io.com

     DocumentRoot /var/www/lachiegrant.io/public

     <Directory /var/www/lachiegrant.io/public>
         Options Indexes FollowSymLinks
         AllowOverride All
         Require all granted
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>



Thanks in advance.

 

Screen Shot 2021-08-12 at 5.04.20 pm.png

Edited by lachieggg
Link to comment
Share on other sites

  • lachieggg changed the title to Slim CSRF session not found
  • Solution

Read the error messages.

The first one says that "use SlimCrf" is a pointless statement. It doesn't do anything.

The second one says that it couldn't session_start() because there was output. Which there was: the first error message.

What course of action do you think you should take?

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.