问题描述
从文件切换到数据库会话时,我的 $request->input(_token) 与 $request->session()->toke() 不匹配.
My $request->input(_token) is a mismatch of $request->session()->toke() when switching from file to database sessions.
这会导致 CSRF TokenMismatchException.当从数据库切换回文件会话驱动程序时,不会发生不匹配.
This is causing a CSRF TokenMismatchException. When switching back from database to file sessons driver the mismatch does not occur.
有谁知道我为什么会出现这种不匹配以及如何解决它?:)我做了什么:
<小时>使用 Laravel 5.0
PHP 5.6.30
Using Laravel 5.0
PHP 5.6.30
php artisan session:table : 创建 Laravel 会话表作曲家转储自动加载php工匠配置:清除php arisan 配置:缓存
php artisan session:table : Created Laravel session table composer dump-autoload php artisan config:clear php arisan config:cache
我的 session.php 配置如下所示:
My session.php config looks like this:
return [
'driver' => 'database',
'lifetime' => 120,
'expire_on_close' => false,
'encrypt' => false,
'files' => storage_path().'/framework/sessions',
'connection' => null,
'table' => 'laravel_session',
'lottery' => [2, 100],
'cookie' => 'laravel_session',
'path' => '/',
'domain' => null,
'secure' => false,
];
VerifyCsrfToken IlluminateFoundationMiddleware
protected function tokensMatch($request)
{
$tok = $request->input('_token') ; //4ExGXl9mRM75d7brfQhgIWcQzsSVjnUHDoDcKJxp
$tokhead = $request->header('X-CSRF-TOKEN');
$sessToken = $request->session()->token();//57DLb3uTs8brVPKpBxor14Hg0ZvQPpYW3flktP86
$token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
if ( ! $token && $header = $request->header('X-XSRF-TOKEN'))
{
$token = $this->encrypter->decrypt($header);
}
return StringUtils::equals($request->session()->token(), $token);
切换到数据库sesseio驱动后,数据库表填充数据:
Database table is populated with data after switching to database sesseio driver:
SELECT id, payload, last_activity, user_id FROM kartserver_2.laravel_session;
d33d5782e1eed56771baa56f9410a24b9e628ff6 YToxNzp7czo2OiJfdG9rZW4iO3M6NDA6Ikh6dUc4WG1PUDFZalRHY0QwcW5QZzlFSGRUSkJ3ZmVOUkVjM0RJVk0iO3M6NToiZmxhc2giO2E6Mjp7czozOiJvbGQiO2E6MDp7fXM6MzoibmV3IjthOjA6e319czoyMDoicGFzc3dvcmRSZXF1aXJlbWVudHMiO086NDE6Ikhhd2tTb2Z0d2FyZVxTZWN1cml0eVxQYXNzd29yZFJlcXVpcmVtZW... 1487315670 1862
我在 html 中生成 csrf_tokens
I am generating csrf_tokens in html
<input type="hidden" name="_token" id="_token" value="{!! csrf_token() !!}">
推荐答案
如果你在使用 Laravel 5.4* 并且碰巧遇到了这个问题,这就是你需要做的事情
If you are using Laravel 5.4* and you happen to stumble upon this problem, here is what you need to do
1- 更新您的 .env 文件
1- Update your .env file
# file = .env in your project root
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=testdb
DB_USERNAME=db_user
DB_PASSWORD=secret_pass
SESSION_DRIVER=database
注意此处的 DB_CONNECTION 设置,您将在下一步中使用.
Note the DB_CONNECTION setting here that you will need in next step.
2- 更新 config/session.php 文件连接参数应该包含您在 .env 文件中用于 DB_CONNECTION 的字符串
2- update config/session.php file Where connection param should hold the string you used for DB_CONNECTION in .env file
# file = config/session.php
'driver' => env('SESSION_DRIVER', 'database'),
'connection' => 'mysql', // this is from DB_CONNECTION in .env file
3- 生成会话表
php artisan session:table
// run the migration !!! very very important
php artisan migrate
4- 如果出于某种原因您决定手动创建表而不使用迁移,请使用此 SQL.这是非常重要的一步,一个错误的表会导致各种问题.主要是不要犯错手动创建表,id列和往常一样bigint,session表不一样.
4- if for some reason you decided to create the table manually without using migration , use this SQL. This is very important step, a wrong table will result in all kinds of problems. Primarily do not make the mistake of creating a table manually with id column as bigint as usual, session table is different.
DROP TABLE IF EXISTS `sessions`;
create table sessions
(
id varchar(255) not null,
user_id int(10) unsigned null,
ip_address varchar(45) null,
user_agent text null,
payload text not null,
last_activity int not null,
constraint sessions_id_unique
unique (id)
)
这应该可以解决将db设置为会话保存路径后的令牌不匹配异常.
That should solve the token mismatch exception after setting db as session save path.
这篇关于Laravel TokenMismatchException 数据库会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!