Laravel 5.5 中用户会话过期时自动重定向
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/49677248/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Redirect automatically when user session expires in Laravel 5.5
提问by Emmanuel Gonzle
I want to redirect automatically to my login page when a user session expires using Laravel functions. I do redirect when a user try to access to another page and the session expires. I have set a lifetime which helps to log out automatically because of user's inactivity, and what I want is to redirect instantly when that session timeout.
当用户会话使用 Laravel 函数过期时,我想自动重定向到我的登录页面。当用户尝试访问另一个页面并且会话过期时,我会重定向。我设置了一个生命周期,这有助于由于用户不活动而自动注销,我想要的是在会话超时时立即重定向。
I tried using JavaScript to timeout but this is not functional when the user is using more than one page at time.
我尝试使用 JavaScript 超时,但是当用户一次使用多个页面时,这不起作用。
I also tried using AJAX, sending requests to check session status every minute, this works but when the project is in production there's many requests to the server just for checking the session status. (This is the link which helped me for this https://laracasts.com/discuss/channels/laravel/help-is-neededd-on-idle-session-time-out)
我还尝试使用 AJAX,每分钟发送请求以检查会话状态,这是有效的,但是当项目处于生产状态时,有很多请求到服务器只是为了检查会话状态。(这是帮助我解决此问题的链接https://laracasts.com/discuss/channels/laravel/help-is-neededd-on-idle-session-time-out)
Now, I'm trying using App/Exceptions/Handler.php, with the the unauthenticated()function:
现在,我正在尝试使用App/Exceptions/Handler.php和unauthenticated()函数:
protected function unauthenticated($request, AuthenticationException $exception)
{
if ($request->expectsJson()) {
return response()->json(['error' => 'Unauthenticated.'], 401);
}
return redirect()->guest(route('login'));
}
(Redirect User to Login Page When Session Expires - Laravel)
This last solution is not working, no error appears but is doing absolutely nothing.
最后一个解决方案不起作用,没有出现错误,但完全没有做任何事情。
If is it possible, please tell me the right way to do it.
如果可能,请告诉我正确的方法。
回答by sam
As your sessions have a fixed lifetime you can pass that information to the client and give the client responsibility for querying the service to determine session expiry at the time when you expect the session to have expired so that instead of constantly querying your service for their sessions status, they're only querying when it's likely to have expired.
由于您的会话具有固定的生命周期,您可以将该信息传递给客户端,并让客户端负责查询服务以确定会话到期时您预计会话已过期的时间,而不是不断地查询您的服务以获取他们的会话状态,他们只查询可能已过期的时间。
- A user makes a request to your website
- Middleware generates a timestamp representing the point at which their session will expire and returns it to the client to be stored as a cookie
- Javascript runs on the client that retrieves the timestamp of their session expiry from the cookie and then when that timestamp is reached you check if the cookie value has changed, and if not then a request is made to your session status endpoint to confirm their session is no longer active
- Your session status endpoint returns either an expired status (which triggers the inactive session behaviour) orit returns a new timestamp which you can then update the cookie with so that the process repeats again when that expiry is reached
- 用户向您的网站发出请求
- 中间件生成一个时间戳,表示他们的会话将到期的时间点,并将其返回给客户端以作为 cookie 存储
- Javascript 在客户端上运行,从 cookie 中检索其会话到期的时间戳,然后当到达该时间戳时,您检查 cookie 值是否已更改,如果未更改,则向您的会话状态端点发出请求以确认他们的会话是不再活跃
- 您的会话状态端点返回过期状态(触发非活动会话行为)或返回一个新的时间戳,然后您可以使用该时间戳更新 cookie,以便该过程在到期时再次重复
Personally I would notrecommend automatically redirecting someone to the login form when their session has expired because it means when they have many pages open each page will now be the log in form which is a bad user experience. Many technical users will understand that they can log in on one page and then refresh the others, however many non-technical people won't and they will believe they have to enter their username and password on every single page.
就我个人而言,我不建议在某人的会话过期时自动将其重定向到登录表单,因为这意味着当他们打开许多页面时,每个页面现在都将是登录表单,这是一种糟糕的用户体验。许多技术用户会明白他们可以在一个页面上登录然后刷新其他页面,但是许多非技术人员不会,他们会认为他们必须在每一页上输入他们的用户名和密码。
If your application depends on an active session even after page load -- i.e it's a single page application that uses ajax -- then when the session expires you should disable the page with a modal that says "Your session has expired, please log in again to continue using this page" and when they click login you first check if they've got an active session and if not only then do you redirect to the log in form. This means that if they have many tabs open and their session expires, when they return to those tabs and click the "log in" button their page use immediately resumes. This is a much better user experience.
如果您的应用程序即使在页面加载后仍依赖于活动会话——即它是一个使用 ajax 的单页应用程序——那么当会话过期时,您应该使用一个显示“您的会话已过期,请重新登录”的模式禁用该页面继续使用此页面”,当他们单击登录时,您首先检查他们是否有活动会话,如果没有,则重定向到登录表单。这意味着如果他们打开了许多选项卡并且他们的会话过期,当他们返回这些选项卡并单击“登录”按钮时,他们的页面使用会立即恢复。这是一个更好的用户体验。
回答by tringuyen
You can use Auth::check()
您可以使用 Auth::check()
if(Auth::check()) {
//Do anything you want
}
return redirect('/login');
