Framework: temporarySignedRoute expiration not working in different timezones

Created on 5 Nov 2019 · 5Comments · Source: laravel/framework

Laravel Version: 6.0
PHP Version: 7.2.1
Database Driver & Version: pgsql

Description:

I'm using the temporarySignedRoute functionality.

$url = URL::temporarySignedRoute(
    'foobar', now()->addHours(6), ['foobar' => $foo->bar]
);

This works when I'm in the same timezone as my server (the Netherlands). But when someone else requested a temporarySignedUrl in for instance the US, there is a different timezone. Then it returns me that the Signature is invalid.
In the docs I cannot find things about timezone or something you have to configure for this, so probably this is a bug?

Steps To Reproduce:

Make a _temporarySignedRoute_ and open this in a different timezone then the server is configured at.

$url = URL::temporarySignedRoute(
    'foobar', now()->addHours(6), ['foobar' => $foo->bar]
);

Source

Jaspur

Most helpful comment

This doesn't make sense to me - the expiration timestamp is generated and validated using the servers time. It's not validated against the timestamp the user is visiting from.

dwightwatson on 6 Nov 2019

👍3

All 5 comments

This doesn't make sense to me - the expiration timestamp is generated and validated using the servers time. It's not validated against the timestamp the user is visiting from.

dwightwatson on 6 Nov 2019

👍3

Are you setting the applications timezone to the users somehow?

netpok on 7 Nov 2019

@netpok No, but even when I try that:

$url = URL::temporarySignedRoute(
  'foobar', now()->setTimezone(config('app.timezone'))->addHours(6), ['foobar' => $foo->bar]
);

It is not working.

Jaspur on 7 Nov 2019

The call to now() should return the same time regardless the browser timezone.

netpok on 7 Nov 2019

Hey there,

Can you first please try one of the support channels below? If you can actually identify this as a bug, feel free to report back and I'll gladly help you out and re-open this issue.

Thanks!