Check authenticated user on Laravel from inside Wordpress?

Question

Here's a weird one.

I have two websites, one powered by Laravel (5.3) and one powered by Wordpress.

Laravel exists at portal.example.com

Wordpress exists at example.com

I'm trying to check which user is currently logged in on the Laravel site from the Wordpress site.

I have Laravel set up to use the cookie driver for sessions, and have the cookie domain set to .example.com so I can now see this cookie from anywhere on the Wordpress site.

At the top of the wordpress header file (or the wp-load.php file, or functions.php file, I've tried a bunch of places but get the same problem) I have included the following...

require $_SERVER['DOCUMENT_ROOT'].'/../laravel/bootstrap/autoload.php';
$laravel = require $_SERVER['DOCUMENT_ROOT'].'/../laravel/bootstrap/app.php';

$laravel->make('Illuminate\Contracts\Http\Kernel')
        ->handle(Illuminate\Http\Request::capture());

if (Auth::check()) {
    var_dump(Auth::user()->id);
} else {
    var_dump(false);
}

Now, whenever I login on the Laravel site, I can go to example.com and up at the top of the page my Laravel user's ID is currently being var_dump'd successfully.

However, once I visit example.com/other-pages/ it is var_dumping false.

I know it's still finding the two files I'm requiring as the site continues to load, and if I change them to non-sense file names the site dies. I can even var_dump($laravel) and get a huge list of Laravel looking stuff.

Is there any chance anyone has some idea what could be going on here?

Edit:

The first thing I've noticed that is different on the pages where this doesn't work, is if I var_dump($laravel)... I get...

protected 'routeResolver' => null

Towards the end instead of...

protected 'routeResolver' => 
        object(Closure)[805]
          ...

EDIT 2:

A little bit of progress here.

If I do this...

$kernel = $app->make('Illuminate\Contracts\Http\Kernel');
$response = $kernel->handle( $request = Illuminate\Http\Request::capture());

var_dump($response);

I could see that the response on these other pages was the Laravel 404 page, so it hit an error and never returned my user.

I can "fix" it by adding every wordpress domain to my Laravel routes file but that's just dirty, lol.

Any idea for a way around this?

Answer 1

make a middleware called WordpressMiddlware and in make it in every request:

PHP

public function handle($request, Closure $next)
{
    return $request->has("from_wordpress") ? redirect("PATH_TO_AUTH") : $next($request);
}

In wordpress:

PHP

$kernel = $app->make('Illuminate\Contracts\Http\Kernel');
$response = $kernel->handle( $request = Illuminate\Http\Request::capture());
$response->merge(["from_wordpress" => true]);

now every request from wordpress will be redirected to the desired path and you don't get 404.