I'm developing a Laravel 11 project with login using subfission/cas. I managed to set it up and successfully logged in, but now my user_id in the sessions table is null. I'm not using Laravel's users table; I use my own staff table.

I tried referring to a similar issue. Following that, I tried tweaking Illuminate\Session\DatabaseSessionHandler into:
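
    protected function addUserInformation(&$payload)
    {
        if ($this->container->bound(Guard::class)) {
            $payload['user_id'] = $this->userId();

            // No guard user: fall back to the staff row matching the CAS user
            if (!$payload['user_id']) {
                $staff = Staff::where('cas_id', cas()->user())->first();
                // first() returns null when no row matches, so use the null-safe operator
                $payload['user_id'] = $staff?->id;
            }
        }

        return $this;
    }
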
Now, this works, but I'm not even sure if this is the practical or right way, or whether I should copy/publish the file and edit that one (if that's even possible).

So the solution that I found is that I made a customCas file, which is pretty much a copy of CASauth but with an addition to set up the user_id session, and another customsessionhandler that's a copy of databasesessionhandler with a tweak to cater

customcasauth.php

    Session::put('cas_user', $this->cas->user());
    $staff = Staff::where('sso_id', $this->cas->user())->first();
    if ($staff) {
        Session::put('user_id', $staff->id);
    } else {
        // Optionally handle the case where no staff record is found
        abort(403, 'Unauthorized action, please contact administrator to check your existence in the system.');
    }

customsessionhandler.php

    protected function addUserInformation(&$payload)
    {
        if ($this->container->bound('session.handler')) {
            $payload['user_id'] = session('user_id');
        }

        return $this;
    }

appserviceprovider.php

    public function register(): void
    {
        $this->app->singleton('session.handler', function ($app) {
            return new CustomSessionHandler(
                $app['db']->connection(),
                $app['config']['session.table'],
                $app['config']['session.lifetime'],
                $app
            );
        });
    }

    public function boot(): void
    {
        Session::extend('custom', function ($app) {
            return $app->make('session.handler');
        });
    }

Since this solution is one that I found just to solve my problem, I'd appreciate it if anyone can tell me of any general security vulnerabilities.
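
One way to get the same sessions.user_id value without editing or copying framework files, shown as an added example that is not part of the original post: a subclass of DatabaseSessionHandler that overrides only addUserInformation() and is registered through Session::extend(). The class name StaffSessionHandler, its file path and the register() helper are assumptions, as is an integer staff id; the 'user_id' session key and the 'custom' driver name are the ones used in the post.

```php
<?php
// Hypothetical file: app/Session/StaffSessionHandler.php

namespace App\Session;

use Illuminate\Session\DatabaseSessionHandler;
use Illuminate\Support\Facades\Session;

class StaffSessionHandler extends DatabaseSessionHandler
{
    /**
     * Register this handler as the 'custom' session driver.
     * Call once from AppServiceProvider::boot() and set SESSION_DRIVER=custom.
     */
    public static function register(): void
    {
        Session::extend('custom', function ($app) {
            return new self(
                $app['db']->connection($app['config']['session.connection']),
                $app['config']['session.table'],
                $app['config']['session.lifetime'],
                $app
            );
        });
    }

    /**
     * Fill sessions.user_id: the auth guard's id when there is one, otherwise
     * the staff id that the CAS login code stored under the 'user_id' key.
     */
    protected function addUserInformation(&$payload)
    {
        parent::addUserInformation($payload); // Guard id, if a guard is bound

        if (empty($payload['user_id'])) {
            // Assumes an integer staff id: accept only a positive integer,
            // anything else is written to the sessions table as NULL
            $id = filter_var(session('user_id'), FILTER_VALIDATE_INT,
                ['options' => ['min_range' => 1]]);
            $payload['user_id'] = $id === false ? null : $id;
        }

        return $this;
    }
}
```

Because the class overrides a single method, the rest of DatabaseSessionHandler keeps coming from the installed framework version instead of from a copied file.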