Is there a naming convention for the JWT token cookie? #2269
Description
Does the token always have to be named token?
I am working with JWT Auth in Laravel and I was sending the token back through a cookie and named it "authToken", but the token wasn't being recognized. I changed the name of my cookie to just "token" and the token is being recognized perfectly. I was wondering if there is a naming convention for the token? Does it only have to be named "token" and can't have any other name?
/**
* Get a JWT via given credentials.
*
* @return \Illuminate\Http\JsonResponse
*/
public function login(Request $request)
{
$credentials = $request->only('email', 'password');
if (! $token = auth()->attempt($credentials)) {
return response()->json([
"message" => "Error logging in: Invalid credentials."
], 401);
}
// Set the JWT token in an HttpOnly cookie
return response()->json([
"message" => "Login successful!"
], 200)->cookie('token', $token, auth()->factory()->getTTL() * 60, '/', null, true, true, false, 'Strict');
} // Changed from authToken
Your environment
| Q | A |
|---|---|
| Bug? | Maybe |
| New Feature? | no |
| Framework | Laravel |
| Framework version | 11 |
| Package version | 2.1 |
| PHP version | 8 |
Expected behaviour
The token should be recognized with any name.
Actual behaviour
The cookie is only working if named token