Laravel Session 总是在 Laravel 5.4 中更改每次刷新/请求
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/42769388/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel Session always changes every refresh / request in Laravel 5.4
提问by CMOS
So the title basically says it all, I am using Laravel 5.4, PHP 7.1 and on my local machine sessions are working just fine. Essentially when trying to login or reloading the page every time I get a new CSRF token which breaks everything. I am using database as my session driver and it creates a new entry into the DB every single request I make. This happened on my local machine when I first upgraded but to fix it the solution was to update my cookie_domain env variable and I got it working. However on my new server I have tried every domain I could think of and it still does not work.
所以标题基本上说明了一切,我使用的是 Laravel 5.4、PHP 7.1,并且在我的本地机器上会话工作得很好。基本上是在每次我获得一个新的 CSRF 令牌时尝试登录或重新加载页面时,这会破坏一切。我使用数据库作为我的会话驱动程序,它会在我发出的每个请求中创建一个新条目到数据库中。当我第一次升级时,这发生在我的本地机器上,但要修复它,解决方案是更新我的 cookie_domain 环境变量,我让它工作了。但是,在我的新服务器上,我尝试了我能想到的所有域,但仍然无法正常工作。
Here is what I know,
这是我所知道的,
Session cookie is not being saved under Chrome -> Application -> Cookies, this is indeed showing up on my local setup.
CSRF-TOKEN gets a new value every page reload but the XSRF-TOKEN cookie is present and maintains its value on every reload.
Both local and my new server are running the exact same git branch, and are both running apache 2.4, Laravel 5.4 and PHP 7.1 so this makes me assume it is a config issue of some kind. Both local and server are running centos 7
Every request creates a new session in the DB, this happens for get, post and ajax requests.
会话 cookie 没有保存在 Chrome -> 应用程序 -> Cookies 下,这确实显示在我的本地设置中。
CSRF-TOKEN 每次页面重新加载都会获得一个新值,但 XSRF-TOKEN cookie 存在并在每次重新加载时保持其值。
本地服务器和我的新服务器都运行完全相同的 git 分支,并且都运行 apache 2.4、Laravel 5.4 和 PHP 7.1,所以这让我认为这是某种配置问题。本地和服务器都运行centos 7
每个请求都会在数据库中创建一个新会话,这发生在 get、post 和 ajax 请求中。
I assume this is a config issue from somewhere but I have no idea, any help would be greatly appreciated. If it helps, looking under my response Headers for my initial page load both sid and the laravel session are present under the 'Set-Cookie" command, but neither actually save to the local application cookie storage.
我认为这是某个地方的配置问题,但我不知道,任何帮助将不胜感激。如果有帮助,请查看我的初始页面加载的响应标头,sid 和 laravel 会话都存在于“Set-Cookie”命令下,但实际上都没有保存到本地应用程序 cookie 存储中。
Edit / UpdateSo originally I answered my own question by saying what I thought was the fix, however this fix is no longer working and I am getting this issue all over the place. So to update my issue is the same as before, trying to do anything creates a new session, reloading and navigating a few pages adds dozens of sessions due to ajax requests and other such activity.
编辑/更新所以最初我回答了我自己的问题,说我认为是修复,但是这个修复不再有效,我到处都遇到这个问题。所以更新我的问题和以前一样,尝试做任何事情都会创建一个新的会话,由于 ajax 请求和其他此类活动,重新加载和导航几个页面会添加数十个会话。
My setup now is this, I have 3 servers all three are running off of a cloned image which means they are identical, however one of them is a subdomain, development.mysite.com and the other 2 are load balanced for the main site mysite.com. So the ONLY possible explanation I can come up with is that somehow laravel cannot understand my setup due to my subdomain. I have tried every possible combination of COOKIE_DOMAIN in the .env file (development.mysite.com, .mysite.com, mysite.com, .development.mysite.com etc) and I have added dozens of options to my host all to no avail. Any ideas as to what this could be?
我现在的设置是这样的,我有 3 台服务器,所有三台服务器都在运行克隆图像,这意味着它们是相同的,但是其中一台是子域,development.mysite.com,另外两台是主站点 mysite 的负载平衡.com。所以我能想出的唯一可能的解释是,由于我的子域,laravel 无法理解我的设置。我已经尝试了 .env 文件(development.mysite.com、.mysite.com、mysite.com、.development.mysite.com 等)中 COOKIE_DOMAIN 的所有可能组合,并且我向我的主机添加了许多选项,全部都没有有用。关于这可能是什么的任何想法?
**Edit / Update #2 ** In addition to this I have found that it might be related to my domain in use being a subdomain, in which the main domain is also running laravel, if so I will have to figure out how and why.
**编辑/更新#2 **除此之外,我发现它可能与我使用的域是一个子域有关,其中主域也在运行laravel,如果是这样,我将不得不弄清楚如何和为什么。
采纳答案by CMOS
I found the solution to this was 2 parts, not sure why it varied since it was the same OS and setup.
我发现这个问题的解决方案是 2 个部分,不知道为什么它会有所不同,因为它是相同的操作系统和设置。
Step 1 make sure that COOKIE_DOMAIN is set properly and with no port numbers (Either in .env or directly in /config/session.php, whichever you use)
步骤 1 确保 COOKIE_DOMAIN 设置正确且没有端口号(在 .env 中或直接在 /config/session.php 中,无论您使用哪个)
Step 2 make sure that the cookie name ( 'cookie' => 'whatever') inside of /config/sessions.php does NOT have an underscore in it. Laravel apparently has had issues with this.
第 2 步确保 /config/sessions.php 中的 cookie 名称 ('cookie' => 'whatever') 中没有下划线。Laravel 显然对此有问题。
回答by Mathieu Ferre
We got threw this error too, and this is what seems to fix the problem :
我们也抛出了这个错误,这似乎是解决问题的方法:
? Check that your storage/folder have the correct right
? 检查您的storage/文件夹是否具有正确的权限
? Try to disable all the Javascript in your pages (either by disabling it via navigator or inside the code) and make sure that 'http_only' => true,
? 尝试禁用页面中的所有 Javascript(通过导航器禁用它或在代码中禁用它)并确保'http_only' => true,
? Try to use with and without https
? 尝试使用和不使用 https
? Make sure the SESSION_DRIVER variable is NOT null
? 确保 SESSION_DRIVER 变量不为空
? Try to switch between 'encrypt' => false,and 'encrypt' => true,
? 尝试在'encrypt' => false,和之间切换'encrypt' => true,
? Try to change the cookie name 'cookie' => 'laravelsession',
? 尝试更改 cookie 名称'cookie' => 'laravelsession',
? Try either to set your SESSION_DOMAIN to your actual domain OR null
? 尝试将您的 SESSION_DOMAIN 设置为您的实际域或 null
? Try to switch between 'secure' => env('SESSION_SECURE_COOKIE', false), and 'secure' => env('SESSION_SECURE_COOKIE', true),
? 尝试在 'secure' => env('SESSION_SECURE_COOKIE', false) 和 'secure' => env('SESSION_SECURE_COOKIE', true) 之间切换,
After every step, this bug seems to be fixed, but somehow, the cookie still is not set in the navigator sometime until we use https on development too.
在每一步之后,这个错误似乎都被修复了,但不知何故,直到我们在开发中也使用 https 之前,cookie 仍然没有在导航器中设置。
I am sorry not to be able to provide a 100% fix, but having the EXACT same issue, I wanted to share my experience with you.
很抱歉无法提供 100% 的修复,但遇到完全相同的问题,我想与您分享我的经验。
回答by Waku-2
Primary cause of this problem is laravel's inability to save session data on server side.
这个问题的主要原因是 Laravel 无法在服务器端保存会话数据。
With file as session storage, it can be & usually is a permissions issue, [Check SELINUX if you are on centos], laravel (that means apache or nginx or whatever user your process runs with) should have read and write permission on the folder where session files are stored [That is usually project root/storage folder].
使用文件作为会话存储,通常是权限问题,[如果您使用的是 centos,请检查 SELINUX],laravel(这意味着 apache 或 nginx 或您的进程运行的任何用户)应该对该文件夹具有读写权限存储会话文件的位置[通常是项目根目录/存储文件夹]。
Another reason this can happen is when you are using database as a session storage and created sessions table manually and made the mistake of making id column of type bigint(20) or any other mismatching column.
发生这种情况的另一个原因是,当您使用数据库作为会话存储并手动创建会话表时,犯了将 id 列设为 bigint(20) 类型或任何其他不匹配列的错误。
That again means laravel couldn't store the session data. Check my detailed answer about that here https://stackoverflow.com/a/45340647/7260022
这再次意味着 laravel 无法存储会话数据。在此处查看我的详细答案https://stackoverflow.com/a/45340647/7260022
And the last point is about cookie and domain setting as mentioned above. Hope that helps to pinpoint the problem for anyone struggling with the issue in future.
最后一点是关于 cookie 和域设置,如上所述。希望这有助于为将来遇到问题的任何人查明问题。
回答by Alex
Disable nginxcache if you use it. For me it solved the same problem.
nginx如果您使用它,请禁用缓存。对我来说,它解决了同样的问题。
回答by James
I was also facing the similar problem in Laravel 5.6. My application was working and and never had issues regarding authentication. Suddenly I got a "419 | page is expired"error and the CSRF token was being generated with every single refresh.
我在 Laravel 5.6 中也遇到了类似的问题。我的应用程序正在运行,并且从未遇到过有关身份验证的问题。突然我收到一个"419 | page is expired"错误,每次刷新都会生成 CSRF 令牌。
Finally I figured out that the browser had blocked the cookies set by the application. I still had not found a permanent fix but allowing or deleting those blocked cookies temporarily solved the issue.
最后我发现浏览器阻止了应用程序设置的 cookie。我仍然没有找到永久修复,但允许或删除那些被阻止的 cookie 暂时解决了这个问题。
I have nothing changed in my config/sessions.php*configuration file and the application works fine in local server.
我的config/sessions.php*配置文件没有任何变化,应用程序在本地服务器上运行良好。
