Cookie Identity Resolver

Sometimes you'll want to identify a tenant without having the identifier in the URL, and in a situation where you can't expect a HTTP header to be provided. For those situations, there's the cookie identity resolver

Introduction

The cookie identity resolver is a driver for Sprouts identity resolver functionality that uses a cookie to identify a tenant.

This identity resolver does not use the URL, so you cannot generate a link for a specific tenant.

Configuring

When configuring your resolver in the multitenancy config you only need to do one thing to use this identity resolver, set the driver to cookie. An example config entry for this identity resolver looks like so.

1'resolvers' => [
2 'cookie' => [
3 'driver' => 'cookie',
4 ],
5]

You can also optionally provide the name of the cookie using the cookie config option. This option allows you to provide placeholders like the other identity resolvers and their route parameters, and will default to {Tenancy}-Identifier.

1'resolvers' => [
2 'cookie' => [
3 'driver' => 'cookie',
4 'cookie' => '{Tenancy}-Identifier'
5 ],
6]

When providing a cookie name, you can use the placeholders {tenancy} and {resolver}. {tenancy} will be replaced by the registered name of the current tenancy, and {resolver} will be replaced by the registered name of the identity resolver. The default value is {tenancy}_{resolver}. You can also use {Tenancy} and {Resolver} which will run the value through ucfirst() to uppercase the first letter.

You can further customise this identity resolver using the options config option, which should contain a key value array of cookie options, which will override the values retrieved from the session.php config file. The following options are supported.

Option Config Description
minutes The number of minutes until the cookie expires
path session.path The path the cookie should be bound to
domain session.domain The domain the cookie should be bound to
secure session.secure Whether the cookie should be secure only
http_only session.http_only Whether the cookie should be HTTP only, and hidden from Javascript
same_site session.same_site The cookie same site restrictions

Using

To make use of this identity resolver, once configured, either set the default resolver to its name.

1'defaults' => [
2 //...
3 'resolver' => 'cookie',
4]

Or provide its name as the second argument when registering tenanted routes.

1Route::tenanted(function () {
2 // Define tenant routes here
3}, 'cookie');

The identity resolver itself is the Sprout\Http\Resolvers\CookieIdentityResolver class and has a few additional methods that may be of use.

1public function getCookieName(): string
2 
3public function getRequestCookieName(Tenancy $tenancy): string

The getCookieName() method will return the config value header, and the getRequestCookieName() will return the cookie name for the current tenant of the provided tenancy.