#Fortify Login -> Auth correct -> Redirect to login again and print params

Hi!

Using Laravel 11 with fortify.

AFter submit login form, it prints the params:

And then redirect to login page again. Any idea why?

Probably because you're outputting it somewhere?

don't think

some times it works

some times it doesn't

i'm really stuck on this!

logout same thing 🤯

Fortify wouldn't output that. It also looks like GET parameters, so probably you're making an incorrect request.
So yeah, you're probably outputting it somewhere.

when it works, doesn't output anything. just goes fine

Well, try to explain more about the issue. What code did you change, what code do you use to make the request etc.

it is a 302, i've escaped to stop on this apge

We can't just help with "it sometimes works"

i know!

i have just change the view of the form

everything else is fortity defaults

  <div class="flex min-h-screen items-center">
    <div class="bg-primary min-h-screen w-1/2"></div>
    <div class="h-full w-1/2 p-8">
      <x-validation-errors class="mb-4" />

      @session("status")
        <div class="mb-4 text-sm font-medium text-green-600">
          {{ $value }}
        </div>
      @endsession

      <div class="text-lg font-bold text-black">{{ __("login.login") }}</div>

      <form method="POST" action="{{ route("login") }}">
        @csrf

        <div class="flex w-full items-center gap-4">
          @livewire(
            "forms.input",
            [
              "label" => __("login.email"),
              "name" => "email",
              "type" => "email",
              "placeholder" => __("login.email"),
              "autocomplete" => "username",
            ]
          )

          @livewire(
            "forms.input",
            [
              "label" => __("login.password"),
              "name" => "password",
              "type" => "password",
              "placeholder" => __("login.password"),
              "autocomplete" => "current-password",
            ]
          )
        </div>

        <div class="flex items-center gap-4">
          @livewire(
            "forms.checkbox",
            [
              "label" => __("login.remember_me"),
              "name" => "remember",
              "value" => "checked",
            ]
          )

          @if (Route::has("password.request"))
            <a
              class="text-primary rounded-md text-sm hover:text-gray-900 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:ring-offset-2"
              href="{{ route("password.request") }}"
            >
              {{ __("Forgot your password?") }}
            </a>
          @endif
        </div>

        <x-button class="mt-4">
          {{ __("login.login") }}
        </x-button>
      </form>
    </div>
  </div>
</x-guest-layout>

The view doesn't matter, as that's the GET page. You have actions, such as the login action, you're probably outputting data there.

https://laravel.com/docs/11.x/fortify#customizing-user-authentication
Also try to focus on one thing, it would help with debugging. If you're going all over the place it's not only hard to follow, it's also difficult to grasp on what you're doing or what's going wrong

GET|HEAD login .......................................................................................................................... login › Laravel\Fortify › AuthenticatedSessionController@create
POST login ................................................................................................................................... Laravel\Fortify › AuthenticatedSessionController@store

the request goes to fortify controllers

the ServiceProvider it's the default ```<?php

namespace App\Providers;

use App\Actions\Fortify\CreateNewUser;
use App\Actions\Fortify\ResetUserPassword;
use App\Actions\Fortify\UpdateUserPassword;
use App\Actions\Fortify\UpdateUserProfileInformation;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Str;
use Laravel\Fortify\Fortify;

class FortifyServiceProvider extends ServiceProvider
{
/**
* Register any application services.
*/
public function register(): void
{
//
}

/**
 * Bootstrap any application services.
 */
public function boot(): void
{
    Fortify::createUsersUsing(CreateNewUser::class);
    Fortify::updateUserProfileInformationUsing(UpdateUserProfileInformation::class);
    Fortify::updateUserPasswordsUsing(UpdateUserPassword::class);
    Fortify::resetUserPasswordsUsing(ResetUserPassword::class);

    RateLimiter::for('login', function (Request $request) {
        $throttleKey = Str::transliterate(Str::lower($request->input(Fortify::username())).'|'.$request->ip());

        return Limit::perMinute(55)->by($throttleKey);
    });

    RateLimiter::for('two-factor', function (Request $request) {
        return Limit::perMinute(5)->by($request->session()->get('login.id'));
    });
}

}

Do you have some middleware that just dumps request data?

nop.. don't have any custom middleware:

    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        api: __DIR__.'/../routes/api.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
      
    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })->create();

when i login, if I have wrong credentials, it says wrong credentials. when are the corret it doesn't say nothing (just to confirm that isn't not because i'm putting the wrong password!)

humm, if i remove the cookies, than refresh on login page, and try to login it works always

@inland otter do you think it could be something with session config»?

SESSION_DRIVER=database
SESSION_LIFETIME=120
SESSION_ENCRYPT=false
SESSION_PATH=/
SESSION_DOMAIN=null

I guess, search through your entire project for stuff like echo statements

vendor/symfony/http-foundation/RedirectResponse.php

the output it's here

now.. why?!

Because that's how HTTP works, as it's a fallback.

but why it's falling back to there? that's the thing!

Mate, the Redirecting to ... isn't an issue, that's default behaviour. You wouldn't see that page because the HTTP response is already taken into account. What's happening is, you're outputting data somewhere (the token, email, password), through an echo I guess, this would likely cause the response to be a 200 OK response instead of a 301. The issue isn't what symfony is doing, the issue is, additional data is outputted somewhere in your code.

the response is 301 and not 200. There is absolutly no echo anywhere in my code

this is almost for sure a session problem

It isn't tho. As you just showcased, the token/email/password would not be part of the output, while it's present in your output. So yes, it is being output somewhere.

and how do you explain that sometimes it works and doesn't output and sometimes don't work and output?

I don't know? I'm not clairvoyant, but one thing is clear; additional data is outputted.

nothing on project.. only in vendor that is exclused from search

Could even be print. But really, the thing is, there is data being outputted that should never end up there. So, you'd need to figure out why that's there in the first place.

Have you investigated the Livewire part of this? Livewire does a bunch of XHR requests for reactivity, that might be causing you issues, somehow, somewhere. Can't really say, as I don't use Livewire. But you could try and swap the loginpage with some basic HTML markup rendered by Blade and remove Livewire from the equation, to test that theory

nop, same thing