F
Filament11mo ago
NolanN

Extra sessions being created when clicking an action button

I'm running into an issue where additional sessions are being creating when taking simple actions in my app. For example, I have a Source resource with a list page. I've added a simple action:
protected function getHeaderActions(): array
{
return [
Actions\CreateAction::make(),
Actions\Action::make('url')
->form([
TextInput::make('url')
->label('URL')
->placeholder('https://example.com')
->required()
->rules('url'),
]),
];
}
protected function getHeaderActions(): array
{
return [
Actions\CreateAction::make(),
Actions\Action::make('url')
->form([
TextInput::make('url')
->label('URL')
->placeholder('https://example.com')
->required()
->rules('url'),
]),
];
}
When I click on the action, there is a single call in the network tab and a new session is created in storage/framework/sessions. Without adding any text to the input, I click away and 2 more network calls are made, each producing another session. Clearly something is misconfigured with my setup. I am using stancl/tenancy for custom domain support and I'm using a panel on a subdomain in this example.
Solution:
I finally figured it out. Well sorta at least. I have a couple different panels in my app and one of them had isPersistant = true. Removing that fixed the issue. I don't know what is happening internally to cause the issue. Part of the reason I missed it was because isPersistant wasn't set on the panel I was actually testing but having it set on a different panel still caused the issue
Jump to solution
7 Replies
NolanN
NolanNOP10mo ago
FWIW, I'm also seeing extra sessions being created when I use a panel on the primary domain. Also, here is the middleware stack from my tenant panel provider. The first 2 items are from stancl/tenancy:
->middleware([
InitializeTenancyByDomainOrSubdomain::class,
PreventAccessFromCentralDomains::class,
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
AuthenticateSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
SubstituteBindings::class,
DisableBladeIconComponents::class,
DispatchServingFilamentEvent::class,
], isPersistent: true)
->authMiddleware([
InitializeTenancyByDomainOrSubdomain::class,
PreventAccessFromCentralDomains::class,
Authenticate::class,
]);
->middleware([
InitializeTenancyByDomainOrSubdomain::class,
PreventAccessFromCentralDomains::class,
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
AuthenticateSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
SubstituteBindings::class,
DisableBladeIconComponents::class,
DispatchServingFilamentEvent::class,
], isPersistent: true)
->authMiddleware([
InitializeTenancyByDomainOrSubdomain::class,
PreventAccessFromCentralDomains::class,
Authenticate::class,
]);
I still haven't been able to figure this one out. Any help would be appreciated! Anyone even have a guess for a direction I should look on this? Is this likely to be a Livewire issue? Still hoping I can get some help on this. After some additional testing, it seems that anytime there is a call to /livewire/update two new sessions are being created but none of the old sessions are removed. I would imagine that none of these sessions should be created at all. The /livewire/update requests are on the correct domain and use the same scheme. I'm using Laravel Herd and my site is secured. The /livewire/update calls do have a different XSRF and session tokens. @Hugh Messenger @Tin Modric Sorry to ping you directly but I haven't been able to get any input on this. Are either of you able to help or point me to someone who can?
awcodes
awcodes10mo ago
It shouldn’t be creating any sessions. It’s already logged in so it should be that one user session. I’d start by seeing if there’s an issues open or closed on the tenancy package about similar issues.
NolanN
NolanNOP10mo ago
Thanks for the reply. I didn't think it was an issue because this was still happening on the base domain but I will look into that further
awcodes
awcodes10mo ago
Definitely something weird going on. My gut is telling me it’s a middleware issue, and my other gut 🤣 is telling me it’s something with the combination of the tenancy package and filament. Others are successfully using both together though.
cheesegrits
cheesegrits10mo ago
Well, other people are using both together ... we don't necessarily know that they aren't having the same issue, and just haven't noticed the extra sessions. Not a folder anyone ever looks in, typically. @NolanN have you tried it on anything other than Herd?
NolanN
NolanNOP10mo ago
The same issue is happening on a web server provisioned via forge. I do think there's some misconfiguration in my project. I did a very basic test just installing filament and the tenancy package and I was not running into this problem in that case, but again I was very simplistic
Solution
NolanN
NolanN10mo ago
I finally figured it out. Well sorta at least. I have a couple different panels in my app and one of them had isPersistant = true. Removing that fixed the issue. I don't know what is happening internally to cause the issue. Part of the reason I missed it was because isPersistant wasn't set on the panel I was actually testing but having it set on a different panel still caused the issue

Did you find this page helpful?