How to extend Laravel 5 auth properly?

Why is Session creation in Google appengine (Python) - simple auth failing?

• We have an application running on Google Appengine (Python 2.7), that uses https://code.google.com/p/gae-simpleauth/ for login and webapps2 framework. We are currently only supporting Facebook login. Problem: At times the facebook login - session creation does not work properly. This doesn't happen always and it affects only 10 % of the overall traffic on the site. The callback from Facebook auth to our site comes properly, we are also able to get the Facebook auth token. But the session creation alone fails. Control flow: 1) User clicks on "Login with Facebook" button on our page 2) User is redirected to Facebook for permissions (if its the first time login) 3) User is redirected back to our site on giving proper authorization in Facebook 4) User auth token is obtained on our site and we fetch user details from Facebook graph API using this token 5) A session is created and the cookie header is set on the response object (Place where issue occurs currently) 6) User is redirected to our dashboard (Dashboard is a screen that is displayed only for logged in users. So if the session/cookie is not created properly, the user will be redirected back to login page). Remedy already tried: My first guess was that the session creation is taking more time than the next line of code to execute. This can happen in case the session creation is an async process. So I have included a small delay between the session creation line and the next line. The idea was to given enough time for the uncommitted changes to be committed. Additionally, if the session was not really created at the end of the sleep time, I attempt to recreate the session object. Code: ok, user = self.auth.store.user_model.create_user(auth_id, **_attrs) print("creating user : "+str(ok)+" | user" +str(user)) if ok: self.auth.set_session(self.auth.store.user_to_dict(user))    print("User: "+str(self.auth.get_user_by_session())) if( self.auth.get_user_by_session() is None ): print("Existing user logging in.. But the set session didn't work So wait for sometime") time.sleep(0.5) if( self.auth.get_user_by_session() is None ): print("Existing user logging in.. But the set session didn't work So try again") self.auth.set_session(self.auth.store.user_to_dict(user)) But the above-mentioned technique is not working. And so, there is a flaw in my diagnosis. Requesting help in solving this problem. Please let me know if you need more information on the same.

• Answer:

  I haven't used Simple Auth. But I looked at their source code and it looks like when you set the session they store it in a self._user variable, and when you get the session they check that variable first and return it's value. So that rules out the async delay possibility. It also seems to rule out any possibility that the stored session is not being stored properly, because it's simply being put in a variable and then read again. So, I'd double check that the user is being created correctly every time. Is there a possibility that ok == True, but user == None?