Setup is Laravel 4.2 Project with Sessions set to use the database. I am using the Laravel PHP CAS Module (https://github.com/XavRsl/Cas).
On a single instance, everything works fine since the phpCAS uses the native filebased $_SESSION. When put in a load balanced situation this causes redirects when hitting the server which doesn't have the CAS user information.
To overcome this I implemented the phpCAS _postAuthenticateCallbackFunction and store the $_SESSION variables in the Laravel Session.
function postAuthenticateCallback($ticket) {
//save the phpCAS info into the session that will be stored in the laravel session, if it exists
if (isset($_SESSION['phpCAS'])) {
Session::put('phpCAS', $_SESSION['phpCAS']);
Session::save();
}
}
Then it redirects to remove the CAS ticket. I attempt to take the phpCAS data out of the laravel session and store it back in the native session (gross, I know...). Problem is that a new Laravel Session starts up which is missing that information and we start the cycle again. Sometimes by clicking refresh a lot, the session sticks and everything works, until I try to logout in which I have the problem in reverse...
I noticed that when I am having the problem, there is no session cookie stored. When its working and finding the same session on both servers, there is a session cookie.
Does anyone know how to force Laravel to write the session cookie?
Does anyone have any insight into this problem? I can't imagine I'm the only one since lots of people use CAS for single signon and laravel is pretty popular.