Original source: http://stackoverflow.com/questions/18295994/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Logging out with HTTP Basic Auth in Laravel
Asked by C-A
I have one user class which consists of two types of users and want to allow different users to go to different pages.
I have created a filter as follows
    Route::filter('isExpert', function()
    {
        $userIsExpert = 0;
        $userIsLoggedIn = Auth::check();
        if ($userIsLoggedIn && Auth::user()->role == 'expert') {
            $userIsExpert = 1;
        }
        Log::info('Logged in: ' . $userIsLoggedIn . ' && Expert: ' . $userIsExpert);
        if ($userIsExpert == 0)
        {
            // Not an expert: log out, then re-issue the HTTP Basic challenge
            Log::info('should be logging out now.');
            Auth::logout();
            return Auth::basic();
        }
    });
And routing like so
    Route::get('/winners', array('before' => 'isExpert', function()
    {
        $winners = DB::select('select * from winners');
        return View::make('winners.index')->with('winners', $winners);
    }));
The thought is this: If it's not an expert, it will logout and redirect to login page. If it is, it will simply continue. However, Auth::logout(); doesn't ever log out the user.
Question
Why isn't Auth::logout() working? I've tried placing it anywhere in the app to no avail.
cheers
Accepted answer by Rob Gordijn
I had the same problem, I really couldn't logout the current user... And the answer is simple: Laravel doesn't support logout() with Auth::basic().
There are ways to fix it, but it's not very clean; https://www.google.nl/search?q=logout+basic
Answer by Andreas Bergström
This is not a limitation to Laravel, HTTP Basic Authorization is not designed to handle logging out. The client will remain logged in until the browser is closed.
HTTP Basic Authorization really shouldn't be used in any public production environment. Here are some reasons why:
- No way to give users a "remember me"-option on the login form.
- Password managers have no or lacking support for HTTP Basic Auth, as it is not rendered HTML but a native popup.
- Terrible user experience. Putting together a proper login form is well worth the little time it takes.
The only valid case I can think of is to protect public development-subdomains like dev.example.com, but there are better ways to solve that as well.
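The behaviour described in this answer, as an added example that is not part of the original post or of Laravel: a framework-agnostic Python model of the question's isExpert filter. The user table, realm name and function names are constructed for illustration. It shows that clearing the server-side session does not log a Basic Auth client out, because the Authorization header the browser resends re-authenticates the very next request, and that a logged-in non-expert is better answered with 403 than with a logout.

```python
import base64
import hmac

# Constructed sample accounts for this example: user -> (password, role)
USERS = {"alice": ("s3cret", "expert"), "bob": ("hunter2", "member")}

def basic_header(user, password):
    """Build the Authorization header a browser resends on every request."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def authenticate(headers):
    """Return the username proven by the Basic credentials, or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None  # malformed base64 or non-UTF-8 credentials
    user, sep, password = decoded.partition(":")
    record = USERS.get(user)
    if not sep or record is None:
        return None
    # Constant-time comparison of the stored and supplied password
    if not hmac.compare_digest(record[0].encode(), password.encode()):
        return None
    return user

def handle(headers, session, required_role="expert"):
    """Model of the 'isExpert' filter: returns (status, response headers)."""
    user = session.get("user") or authenticate(headers)
    if user is None:
        # No valid credentials: challenge the client, the browser then prompts
        return 401, {"WWW-Authenticate": 'Basic realm="winners"'}
    session["user"] = user
    if USERS[user][1] != required_role:
        # Authenticated but not authorized: refuse instead of "logging out"
        return 403, {}
    return 200, {}

def logout(session):
    """Server-side logout: clears the session, not the browser's cached credentials."""
    session.clear()
```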
Answer by Endel
The easiest way that I've found for that is to redirect to invalid username/password on logout route. Example:
    Route::get('admin/logout', function() {
        return Redirect::to(preg_replace("/:\/\//", "://log-me-out:fake-pwd@", url('admin/logout')));
    });
Answer by Tarek Kalaji
If you implemented these methods in User.php
    /**
     * Get the e-mail address where password reminders are sent.
     *
     * @return string
     */
    public function getReminderEmail()
    {
        return $this->email;
    }

    public function getRememberToken()
    {
        return $this->remember_token;
    }

    public function setRememberToken($value)
    {
        $this->remember_token = $value;
    }

    public function getRememberTokenName()
    {
        return 'remember_token';
    }
Add a new column with the name 'remember_token' to your table 'users' in the MySQL database, and then log out; finally it solved successfully. To alter your table use this SQL command:
    ALTER TABLE users ADD remember_token TEXT;
and then press 'Go' button.