
Laravel TokenMismatchException session timeout

I am running into an issue where when a user sits idle for more than 24 hours (my session timeout), or leaves the site and then comes back after 24 hours, they are not being logged out of the site, but their session is being expired, or at least their _token is no longer valid.

This causes unwanted behavior: if the user submits a form after their _token has expired, they now receive a TokenMismatchException.

Locally it seems that when the idle time exceeds the session lifetime the user is logged out; however, in production on the live server this is not the case: the idle time can surpass the session lifetime and yet the user is still logged in, and Auth::check() and Auth::user() both function as expected if a user were logged in.

What would cause the user to not be logged out, even though their session has expired?

Is there a way I can check that the session has expired so that I can then manually log the user out with a message asking them to log back in?

I have tried to use the App::before filter to check the last_activity on the session and determine if it has expired, but once the session has expired I no longer have access to it as it has been removed from the database; therefore I cannot compare the timestamps to determine if the user needs to be manually logged out and prompted to re-login.

My session config:

'driver' => 'database',
'lifetime' => 1440,
'expire_on_close' => false,

Thanks.

I've also been struggling to find a solution to this problem for a long time. Everything goes fine 95% of the time, but some AJAX requests randomly die with this Illuminate\Session\TokenMismatchException error.

Just now I deployed a quick-and-dirty fix -- I put this piece of code into the layout:

setInterval(function () {
  $.get(window.location.origin + '/keepSessionAlive')
    .fail(function(response) {
      Sentry.trackError(
        'KeepSessionAlive request failed. ' +
        'Response: ' + JSON.stringify(response)
      );
    });
}, 300000);

As dumb as it looks, it simply sends a request to the server every 5 minutes to make sure the session is kept alive.

(The /keepSessionAlive endpoint is under the web middleware group and just returns { success: true }.)

Hope it will make a difference :)
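
Added example (not part of the original answer or of Laravel): an unconditional interval like the one above renews the session for as long as the tab stays open, so the configured lifetime never runs out on an unattended browser. This variant pings only while the user has interacted recently; createKeepAlive, IDLE_LIMIT_MS and its 30-minute value are assumptions, and /keepSessionAlive is the endpoint described in the answer.

```javascript
// Added example, not the answer's code. The endpoint is the answer's
// /keepSessionAlive; IDLE_LIMIT_MS and createKeepAlive are assumed names.
const PING_EVERY_MS = 5 * 60 * 1000;  // same 5-minute interval as the answer
const IDLE_LIMIT_MS = 30 * 60 * 1000; // assumed idle budget: 30 minutes

function createKeepAlive({ ping, now = Date.now, idleLimitMs = IDLE_LIMIT_MS }) {
  let lastActivity = now();
  return {
    // Call from real user input (click, keydown, form submit).
    recordActivity() {
      lastActivity = now();
    },
    // Call on every timer tick. Renews the session only if the user has
    // interacted within the idle budget; otherwise no request is sent and
    // the server-side session lifetime is left to run down.
    tick() {
      if (now() - lastActivity > idleLimitMs) {
        return 'skipped-idle';
      }
      ping();
      return 'pinged';
    },
  };
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const keepAlive = createKeepAlive({
    ping: () => fetch('/keepSessionAlive', { credentials: 'same-origin' })
      .catch((err) => console.warn('keep-alive request failed', err)),
  });
  ['click', 'keydown', 'submit'].forEach((evt) =>
    document.addEventListener(evt, () => keepAlive.recordActivity(), true));
  setInterval(() => keepAlive.tick(), PING_EVERY_MS);
}
```

If the user returns after the server-side session has already expired, the next ping or form submit still fails, so the page should handle that response by asking the user to log back in.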
