Note: this page is a Chinese-English parallel translation of a popular StackOverFlow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow. Original question: http://stackoverflow.com/questions/24317313/

Time: 2020-09-09 02:51:30  Source: igfitidea

Laravel cookie session lifetime

Tags: session, cookies, laravel, lifetime

Asked by Kolesar

I used my Laravel as an OAuth2 client, and I need to keep the token in cookies. So I set the driver to cookie and kept the default value for lifetime, 120.

When any user checks "remember me" on login, I tried to change the lifetime with this code:

    $lifetime = time() + 60 * 60 * 24 * 365;// one year
    Config::set('session.lifetime', $lifetime);

But without success. In any other controller I checked the value of lifetime, and every time I get the default value.

    \Log::info(\Config::get('session.lifetime'));

Edit #1:

Is it enough?

    if (Input::has('rememberMe')) {
        $lifetime = time() + 60 * 60 * 24 * 365; // one year
        Session::put('Expires', $lifetime);
    }

Edit #2:

I put the access_token key in the same way as Expires in the example above, like:

    public function signin() {

        /**
         * Code for getting *client_code* and *client_state* from API server
         */

        $access_token = $this->provider->getAccessToken('authorization_code', $form_data);

        // $access_token is object and contain all data (access_token, refresh_token, expires)
        Session::put('access_token', $access_token);
        Session::put('refresh_token', $access_token->refreshToken);
        Session::put('token_expires', $access_token->expires);

        if (Input::has('rememberMe')) {
            $lifetime = time() + 60 * 60 * 24 * 365; // one year
            Session::put('expires', $lifetime);
        }

        return Response....

    }

This is the 'default' Laravel session (I changed the driver from file to cookie in /app/config/session.php). I know the lifetime should be set in the /app/config/session.php file, but as you can see I need a longer lifetime for the Remember me option.

Answered by The Alpha

Actually when you are setting the value like this in a Controller:

    $lifetime = time() + 60 * 60 * 24 * 365; // one year
    Config::set('session.lifetime', $lifetime);

It's not updating the value in the file, instead it sets it for the current request only (in memory) and when you check the value using this from another Controller/Request like this:

    Config::get('session.lifetime');

You are getting the value from the original value from file system. It's mentioned in the documentation as given below:

> Configuration values that are set at run-time are only set for the current request, and will not be carried over to subsequent requests.

Answered by osteel

Since it seems to be OK to use cookies as the session driver in your case, you could set the session lifetime to one year in /app/config/session.php by default and store the expiration date of the cookie along with the token in the session. That would allow you to control artificially the validity of the cookie.

Basically, your signin method could look like this:

    public function signin() {

        /**
         * Code for getting *client_code* and *client_state* from API server
         */

        $access_token = $this->provider->getAccessToken('authorization_code', $form_data);

        // $access_token is object and contain all data (access_token, refresh_token, expires)
        Session::put('access_token', $access_token);
        Session::put('refresh_token', $access_token->refreshToken);
        Session::put('token_expires', $access_token->expires);

        if (Input::has('rememberMe')) {
            $expires = time() + 60 * 60 * 24 * 365; // one year
        } else {
            $expires = time() + 60 * 60 * 2; // two hours
        }

        Session::put('cookie_expires', $expires);

        return Response....

    }

Then, any time you want to use the access_token, you would check that cookie_expires isn't past first (and if it is, redirect the user to the login page after clearing the session, for example).
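
The check described in the answer above, as an added example that is not part of the original answer: plain PHP in which an array stands in for Laravel's session store. The function name, the 'refresh' outcome and the treatment of token_expires as a Unix timestamp are assumptions.

```php
<?php
// Added example, not code from the answer. A plain array stands in for
// Laravel's session store so the check runs without the framework.

/**
 * Decide what to do before using the stored token.
 * Returns 'ok', 'refresh' (access token stale, session still valid)
 * or 'login' (session deadline passed or data malformed; session wiped).
 */
function checkStoredToken(array &$session, $now)
{
    $deadline = isset($session['cookie_expires'])
        ? filter_var($session['cookie_expires'], FILTER_VALIDATE_INT)
        : false;

    // Fail closed: a missing, non-numeric or past deadline ends the session.
    if ($deadline === false || $deadline <= $now || empty($session['access_token'])) {
        $session = array(); // stands in for clearing the Laravel session
        return 'login';
    }

    // Assumption: token_expires is a Unix timestamp, like cookie_expires.
    $tokenDeadline = isset($session['token_expires'])
        ? filter_var($session['token_expires'], FILTER_VALIDATE_INT)
        : false;
    if ($tokenDeadline === false || $tokenDeadline <= $now) {
        return 'refresh';
    }

    return 'ok';
}

// Constructed sample sessions (all values are made up for the example).
$now = 1600000000;
$remembered = array(
    'access_token'   => 'constructed-token',
    'token_expires'  => $now + 3600,
    'cookie_expires' => $now + 60 * 60 * 24 * 365,
);
$stale = $remembered;
$stale['cookie_expires'] = $now - 1;
$malformed = $remembered;
$malformed['cookie_expires'] = 'never';

echo checkStoredToken($remembered, $now), "\n";
echo checkStoredToken($stale, $now), "\n";
echo checkStoredToken($malformed, $now), "\n";
```

In a Laravel controller or filter, the 'login' outcome corresponds to clearing the session and redirecting to the login page, as the answer suggests.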

Answered by Unnawut

I have no idea where the Session::put('expires', $lifetime); will be used. To me, it seems like a normal cookie variable, not actual lifetime associated with any cookie.

You will need to set the cookie lifetime before your cookies are set, and do it the way that Laravel knows you're setting a new cookie lifetime value.

    public function signin() {

        $access_token = $this->provider->getAccessToken('authorization_code', $form_data);

        if (!$access_token) {
            return Response... // Respond some other way if authentication failed.
        }

        // Check rememberMe first so you can set the right session.lifetime before setting any cookies.
        if (Input::has('rememberMe')) {
            $lifetime = 60 * 24 * 365; // one year; session.lifetime is expressed in minutes
            Config::set('session.lifetime', $lifetime);
        }

        Session::put('access_token', $access_token);
        Session::put('refresh_token', $access_token->refreshToken);
        Session::put('token_expires', $access_token->expires);

        return Response....
    }

I also took the chance to add if (!$access_token) { before setting the cookie since you won't always be authenticating successfully.

Answered by majeed21

Friends, please use the following function instead of numbers:

    strtotime("+1 year")

It makes more sense for humans.