Laravel session id changes with each request

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/33130748/

Time: 2020-09-14 12:30:18  Source: igfitidea

Tags: php, ajax, laravel, cookies, laravel-5

Asked by MakkyNZ

I have a Laravel 5.0 site where the frontend JS makes a lot of ajax calls to the backend Laravel code. I've noticed that on each ajax request I'm getting a new "laravel_session" cookie value in the response every time. I'm guessing that this is some security mechanism to protect against session hijacking.

However I think this is causing an issue with my site, as my ajax calls often happen in parallel, not sequentially. I don't wait for the response before firing the next call.

Consider this scenario

- Ajax call 1 - request - laravel_session cookie = '1234'
- Ajax call 1 - response - laravel_session cookie = '2345'
- Ajax call 2 - request - laravel_session cookie = '2345'
- Ajax call 3 - request - laravel_session cookie = '2345'
- Ajax call 2 - response - laravel_session cookie = '3456'
- Ajax call 3 - response - session no longer valid

Is there any way around this?

I should also note that sessions are set to expire in the config/session.php as 'lifetime' => 120,

config/session.php

Answer by malhal

You are right it is a security mechanism. To disable it for testing, in Kernel.php comment out this line:

\App\Http\Middleware\EncryptCookies::class

Then you will see the session ID in your cookie viewer and it doesn't change.

You can Google for HTTP encrypted cookies to learn about the practice. There is an ongoing debate if this old practice is necessary now that we use HTTPS on every website.
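
The effect described in this answer, as an added example that is not part of the original answer and not Laravel's own code: with a fresh random IV per encryption, the cookie string differs on every response even when the session ID inside is unchanged, so comparing decrypted values shows whether the session itself is changing. The function names, key, session ID and payload layout (IV, ciphertext and MAC in base64-encoded JSON) are assumptions made for illustration.

```php
<?php
// Added illustration (not Laravel source): an encrypted-cookie layer using
// AES-256-CBC with a fresh random IV and an HMAC over IV + ciphertext.
// One key serves both encryption and MAC here, for brevity.
function encrypt_cookie(string $sessionId, string $key): string
{
    $iv = random_bytes(16);                  // new IV on every response
    $ct = openssl_encrypt($sessionId, 'AES-256-CBC', $key, 0, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    $ivB64 = base64_encode($iv);
    $mac = hash_hmac('sha256', $ivB64 . $ct, $key);
    return base64_encode(json_encode(['iv' => $ivB64, 'value' => $ct, 'mac' => $mac]));
}

function decrypt_cookie(string $cookie, string $key): ?string
{
    $p = json_decode(base64_decode($cookie, true) ?: '', true);
    foreach (['iv', 'value', 'mac'] as $field) {
        if (!is_array($p) || !isset($p[$field]) || !is_string($p[$field])) {
            return null;                     // malformed payload
        }
    }
    // Verify the MAC in constant time before touching the ciphertext.
    if (!hash_equals(hash_hmac('sha256', $p['iv'] . $p['value'], $key), $p['mac'])) {
        return null;                         // tampered, or encrypted under another key
    }
    $iv = base64_decode($p['iv'], true);
    if ($iv === false || strlen($iv) !== 16) {
        return null;
    }
    $plain = openssl_decrypt($p['value'], 'AES-256-CBC', $key, 0, $iv);
    return $plain === false ? null : $plain;
}

// Constructed sample values: a random key and a made-up session ID.
$key = random_bytes(32);
$sessionId = 'constructed-session-id-1234';

// Two responses for the same session carry different cookie strings...
$first = encrypt_cookie($sessionId, $key);
$second = encrypt_cookie($sessionId, $key);
printf("cookie strings identical: %s\n", var_export($first === $second, true));
// ...but both decrypt to the same session ID, which is the value to compare.
printf("session IDs identical:    %s\n",
    var_export(decrypt_cookie($first, $key) === decrypt_cookie($second, $key), true));
// A cookie altered in transit fails the MAC check and is rejected.
$tampered = base64_encode(strtr(base64_decode($first), ['"value":"' => '"value":"A']));
printf("tampered cookie accepted: %s\n", var_export(decrypt_cookie($tampered, $key) !== null, true));
```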

Answer by Lance Pioch

Your domain is invalid. You need to look at config.session.domain and config.session.path.

Answer by Shan

The same issue happened with me and it was later identified that I was using

// Global middleware stack: runs on every request.
protected $middleware = [
     \Illuminate\Session\Middleware\StartSession::class,
     \Illuminate\View\Middleware\ShareErrorsFromSession::class
];
// Route middleware groups: the same two session classes are registered again here.
protected $middlewareGroups = [
     'web' => [
          \Illuminate\Session\Middleware\StartSession::class,
          \Illuminate\View\Middleware\ShareErrorsFromSession::class
     ]
];

in both $middleware and in $middlewaregroups because of which it was creating a new session id in movement between different routes.
