php 在 Laravel 中发布请求 - 错误 - 419 抱歉,您的会话已过期
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/52583886/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Post request in Laravel - Error - 419 Sorry, your session has expired
提问by Th? Thu?t Máy Tính
I installed Laravel 5.7
我安装了 Laravel 5.7
Added a form to the file \resources\views\welcome.blade.php
在文件中添加了一个表单 \resources\views\welcome.blade.php
<form method="POST" action="/foo" >
@csrf
<input type="text" name="name"/><br/>
<input type="submit" value="Add"/>
</form>
Added to file \routes\web.php
添加到文件 \routes\web.php
Route::post('/foo', function () {
echo 1;
return;
});
After sending a POST request:
发送 POST 请求后:
419 Sorry, your session has expired. Please refresh and try again.
419 抱歉,您的会话已过期。请刷新并重试。
In version 5.6there was no such a problem.
在版本5.6中没有这样的问题。
回答by Shobi
Before reading below make sure you have @csrfor {{ csrf_field() }}in your formlike
阅读以下之前,请确保您有@csrf或者{{ csrf_field() }}在你的形式像
<form method="post">
@csrf <!-- {{ csrf_field() }} -->
... rest of form ...
</form>
The session expired error message comes up because somewhere your csrf token verification fails which means the App\Http\Middleware\VerifyCsrfToken::classmiddleware is already turned on. In the form the @csrfblade directive is already added, which should be fine as well.
出现会话过期错误消息是因为您的 csrf 令牌验证在某处失败,这意味着App\Http\Middleware\VerifyCsrfToken::class中间件已经打开。在表单@csrf中已经添加了blade指令,这也应该没问题。
Then the other area to check is the session. The csrftoken verification is directly involved with your session, So you might want to check whether your session driver is working or not, such as an incorrectly configured Redis might cause an issue.
然后要检查的另一个区域是会话。该csrf令牌验证直接涉及您的会话,所以你可能要检查你的会话驱动程序是否工作正常与否,如不正确配置的Redis可能会导致问题。
Maybe you can try switching your session driver/software from your .envfile, the supported drivers are given below
也许您可以尝试从.env文件中切换会话驱动程序/软件,支持的驱动程序如下所示
Supported Session drivers in Laravel 5.7, Laravel 5.8, Laravel 6(Doc Link)
Laravel 5.7、Laravel 5.8、Laravel 6 中支持的会话驱动程序(文档链接)
file- sessions are stored in storage/framework/sessions.cookie- sessions are stored in secure, encrypted cookies.database- sessions are stored in a relational database.memcached/redis- sessions are stored in one of these fast, cache based stores.array- sessions are stored in a PHP array and will not be persisted.
file- 会话存储在存储/框架/会话中。cookie- 会话存储在安全、加密的 cookie 中。database- 会话存储在关系数据库中。memcached/redis- 会话存储在这些基于缓存的快速存储之一中。array- 会话存储在一个 PHP 数组中,不会被持久化。
If your form works after switching the session driver, then something wrong is with that particular driver, try to fix the error from there.
如果您的表单在切换会话驱动程序后工作,那么该特定驱动程序有问题,请尝试从那里修复错误。
Possible error-prone scenarios
可能的容易出错的场景
Probably file-based sessions might not work because of the permission issues with the
/storagedirectory (a quick googling will fetch you the solution), also remember putting 777 for the directory is never the solution.In the case of the database driver, your DB connection might be wrong, or the
sessionstable might not exist or wrongly configured (the wrong configuration part was confirmed to be an issue as per the comment by @Junaid Qadir).redis/memcachedconfiguration is wrong or is being manipulated by some other piece of code in the system at the same time.
由于
/storage目录的权限问题,基于文件的会话可能无法正常工作(快速谷歌搜索将获取解决方案),还请记住为目录放置 777 永远不是解决方案。在数据库驱动程序的情况下,您的数据库连接可能是错误的,或者
sessions表可能不存在或配置错误(根据@Junaid Qadir 的评论,错误的配置部分被确认是一个问题)。redis/memcached配置错误或同时被系统中的其他一些代码操纵。
It might be a good idea to execute php artisan key:generateand generate a new app key which will, in turn, flush the session data.
执行php artisan key:generate并生成一个新的应用程序密钥可能是一个好主意,该密钥将依次刷新会话数据。
Clear Browser Cache HARD, I found chrome and firefox being a culprit more than I can remember.
Clear Browser Cache HARD,我发现 chrome 和 firefox 是罪魁祸首,我不记得了。
回答by David
This is because the form requires a csrf. In version 5.7, they changed it to @csrf
这是因为表单需要 csrf。在 5.7 版本中,他们将其更改为 @csrf
<form action="" method="post">
@csrf
...
Referene: https://laravel.com/docs/5.7/csrf
参考文献:https://laravel.com/docs/5.7/csrf
回答by Saurabh Mistry
case 1 : if you are running project in your local system like 127.0.01:8000 ,
情况 1:如果您在本地系统中运行项目,例如 127.0.01:8000 ,
then
然后
add SESSION_DOMAIN=in your .env file
添加SESSION_DOMAIN=您的 .env 文件
or in your config/session.php 'domain' => env('SESSION_DOMAIN', ''),
或者在你的 config/session.php 'domain' => env('SESSION_DOMAIN', ''),
and then run php artisan cache:clear
然后运行 php artisan cache:clear
case 2: if project is running on server and you have domain like "mydomain.com"
情况 2:如果项目在服务器上运行,并且您有像“mydomain.com”这样的域
add SESSION_DOMAIN=mydomain.comin your .env file
添加SESSION_DOMAIN=mydomain.com您的 .env 文件
or in your config/session.php 'domain' => env('SESSION_DOMAIN', 'mydomain.com'),
或者在你的 config/session.php 'domain' => env('SESSION_DOMAIN', 'mydomain.com'),
and then run php artisan cache:clear
然后运行 php artisan cache:clear
回答by Karim Samir
I use Laravel 5.7 I had the same problem and it was because the csrf token wasn't in the form, so adding
我使用 Laravel 5.7 我遇到了同样的问题,这是因为 csrf 令牌不在表单中,所以添加
@csrf
fixed the problem
解决了问题
回答by Bonish Ktheitroadala
How about using
怎么用
{{ csrf_field() }}instead of @csrf
{{ csrf_field() }}代替 @csrf
419 error is mostly because of csrf token issues.
419 错误主要是因为 csrf 令牌问题。
回答by Prasna Lukito
Try to comment out \App\Http\Middleware\EncryptCookies::classin \app\Http\Kernel.phpI have similar problem and solved it by doing so.
Probably not the best solution because the security but at least it worked.
尝试\App\Http\Middleware\EncryptCookies::class在\app\Http\Kernel.php我有类似的问题中注释掉并通过这样做来解决它。可能不是最好的解决方案,因为安全性但至少它有效。
Previously I tried:
以前我试过:
- Clear cache
- Generate new app key
- Run my app in various Browsers (Chrome 70, Mozilla Firefox 57, and IE 11)
- Run my app in another computer
- Comment out
\App\Http\Middleware\VerifyCsrfToken::classin\app\Http\Kernel.php - Comment out
\Illuminate\Session\Middleware\AuthenticateSession::classin\app\Http\Kernel.php - Upgrade and downgrade Laravel (between 5.6 and 5.7)
- 清除缓存
- 生成新的应用密钥
- 在各种浏览器(Chrome 70、Mozilla Firefox 57 和 IE 11)中运行我的应用程序
- 在另一台计算机上运行我的应用程序
- 注释掉
\App\Http\Middleware\VerifyCsrfToken::class在\app\Http\Kernel.php - 注释掉
\Illuminate\Session\Middleware\AuthenticateSession::class在\app\Http\Kernel.php - 升级和降级 Laravel(5.6 和 5.7 之间)
But none of these above worked for me.
但以上这些都不适合我。
EDIT
编辑
My case here is every time I login, a new session file will be created (The old one is still persist, but suddenly forgotten. Check storage/framework/sessions) and new CSRF token is generated. So the problem is not with VerifyCsrfToken.
我这里的情况是每次登录都会创建一个新的会话文件(旧的还在持久化,但突然忘记了。检查storage/framework/sessions)并生成新的CSRF令牌。所以问题不在于VerifyCsrfToken。
As @Vladd mentioned in comment section, you should nevercomment out \App\Http\Middleware\VerifyCsrfToken::class. You have to check that you sent the right CSRF TOKEN to the server.
正如@Vladd 在评论部分提到的,你永远不应该注释掉\App\Http\Middleware\VerifyCsrfToken::class. 您必须检查您是否向服务器发送了正确的 CSRF TOKEN。
回答by Aghnat Atqiya
change your @csrfin welcome.blade.php to <input type="hidden" name="_token" value="{{ csrf_token() }}">
将您@csrf的welcome.blade.php更改为<input type="hidden" name="_token" value="{{ csrf_token() }}">
so your code like this:
所以你的代码是这样的:
<form method="POST" action="/foo" >
<input type="hidden" name="_token" value="{{ csrf_token() }}">
<input type="text" name="name"/><br/>
<input type="submit" value="Add"/>
<button type="submit">Submit</button>
</form>
回答by Bram Janssen
It could be a problem with your session. After playing around with these settings I resolved my problem. For me it turned out to be the last option.
您的会话可能有问题。在玩弄这些设置后,我解决了我的问题。对我来说,这是最后的选择。
- If you are using "file" as session driver look into storage/framework/sessions if the sessions are getting saved after a refresh. If not It is most likely due to incorrect folder permissions. Check that your storage/ folder have the correct right
- Try to disable all the Javascript in your pages (either by disabling it via navigator or inside the code) and make sure that 'http_only' => true,
- Try to use with and without https
- Make sure the SESSION_DRIVER variable is NOT null
- Try to switch between 'encrypt' => false, and 'encrypt' => true,
- Try to change the cookie name 'cookie' => 'laravelsession',
- Try either to set your SESSION_DOMAIN to your actual domain OR null
- Try to switch between 'secure' => env('SESSION_SECURE_COOKIE', false), and 'secure' => env('SESSION_SECURE_COOKIE', true),
- 如果您使用“文件”作为会话驱动程序,如果会话在刷新后被保存,请查看存储/框架/会话。如果不是,很可能是由于文件夹权限不正确。检查您的存储/文件夹是否具有正确的权限
- 尝试禁用页面中的所有 Javascript(通过导航器禁用它或在代码中禁用它)并确保“http_only”=> true,
- 尝试使用和不使用 https
- 确保 SESSION_DRIVER 变量不为空
- 尝试在 'encrypt' => false 和 'encrypt' => true 之间切换,
- 尝试更改 cookie 名称 'cookie' => 'laravelsession',
- 尝试将您的 SESSION_DOMAIN 设置为您的实际域或 null
- 尝试在 'secure' => env('SESSION_SECURE_COOKIE', false) 和 'secure' => env('SESSION_SECURE_COOKIE', true) 之间切换,
Source:Laravel Session always changes every refresh / request in Laravel 5.4
回答by samair ali
add csrf token and your issue will be solved . {{csrf_token}} or @csrf
添加 csrf 令牌,您的问题将得到解决。{{csrf_token}} 或 @csrf
回答by Mathieu Ferre
In your Http/Kernel.php
在你的 Http/Kernel.php
try to comment this line :
尝试评论这一行:
\Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\Session\Middleware\AuthenticateSession::class,
in your web middleware array
在您的网络中间件阵列中
it might be the root of your issue
这可能是你问题的根源
