
Laravel 5.1 Token Mismatch on Login form POST

I'm getting the following error: TokenMismatchException in compiled.php line 2930:

The code is running on a Red Hat server with PHP 5.6. I have also tested this on an Ubuntu server running PHP 5.5.9, where it worked perfectly fine. It also runs perfectly locally.

It seems to create 2 session files in storage/framework/sessions on the original GET request, which means when the form is sent via POST the session is then different.

I have checked for

  • Redirects
  • Date/Timezone issue across the server
  • Config issues within session.php and app.php

The strangest thing is why there are 2 session files being generated on the GET request.

As soon as you hit the login button you hit the csrf middleware saying the tokens don't match.

I am using the HTML generator for forms, which means the _token is being set so it doesn't need to happen manually.

Form code

{!! Form::open(['action' => 'Auth\AuthController@login']) !!}

<div class="panel">

    <div class="panel-title">
        Login
    </div>

    <div class="panel-body">

        <div class="grid">

            <div class="grid-2-4 grid-prepend-1-4 grid-append-1-4">

                @include('shared._errors')

                <div class="field">
                    {!! Form::label('username', 'Employee username') !!}
                    {!! Form::text('username') !!}
                </div>

                <div class="field">
                    {!! Form::label('password', 'Password') !!}
                    {!! Form::password('password') !!}
                </div>

                <div class="actions">
                    {!! Form::submit('Login', ['class' => 'button large']) !!}
                </div>

            </div>

        </div>

    </div>

</div>

{!! Form::close() !!}

Session config

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Default Session Driver
    |--------------------------------------------------------------------------
    |
    | This option controls the default session "driver" that will be used on
    | requests. By default, we will use the lightweight native driver but
    | you may specify any of the other wonderful drivers provided here.
    |
    | Supported: "file", "cookie", "database", "apc",
    |            "memcached", "redis", "array"
    |
    */

    'driver' => env('SESSION_DRIVER', 'file'),

    /*
    |--------------------------------------------------------------------------
    | Session Lifetime
    |--------------------------------------------------------------------------
    |
    | Here you may specify the number of minutes that you wish the session
    | to be allowed to remain idle before it expires. If you want them
    | to immediately expire on the browser closing, set that option.
    |
    */

    'lifetime' => 45,

    'expire_on_close' => true,

    /*
    |--------------------------------------------------------------------------
    | Session Encryption
    |--------------------------------------------------------------------------
    |
    | This option allows you to easily specify that all of your session data
    | should be encrypted before it is stored. All encryption will be run
    | automatically by Laravel and you can use the Session like normal.
    |
    */

    'encrypt' => false,

    /*
    |--------------------------------------------------------------------------
    | Session File Location
    |--------------------------------------------------------------------------
    |
    | When using the native session driver, we need a location where session
    | files may be stored. A default has been set for you but a different
    | location may be specified. This is only needed for file sessions.
    |
    */

    'files' => storage_path('framework/sessions'),

    /*
    |--------------------------------------------------------------------------
    | Session Database Connection
    |--------------------------------------------------------------------------
    |
    | When using the "database" or "redis" session drivers, you may specify a
    | connection that should be used to manage these sessions. This should
    | correspond to a connection in your database configuration options.
    |
    */

    'connection' => null,

    /*
    |--------------------------------------------------------------------------
    | Session Database Table
    |--------------------------------------------------------------------------
    |
    | When using the "database" session driver, you may specify the table we
    | should use to manage the sessions. Of course, a sensible default is
    | provided for you; however, you are free to change this as needed.
    |
    */

    'table' => 'sessions',

    /*
    |--------------------------------------------------------------------------
    | Session Sweeping Lottery
    |--------------------------------------------------------------------------
    |
    | Some session drivers must manually sweep their storage location to get
    | rid of old sessions from storage. Here are the chances that it will
    | happen on a given request. By default, the odds are 2 out of 100.
    |
    */

    'lottery' => [2, 100],

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Name
    |--------------------------------------------------------------------------
    |
    | Here you may change the name of the cookie used to identify a session
    | instance by ID. The name specified here will get used every time a
    | new session cookie is created by the framework for every driver.
    |
    */

    'cookie' => 'geeksquad_form_session',

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Path
    |--------------------------------------------------------------------------
    |
    | The session cookie path determines the path for which the cookie will
    | be regarded as available. Typically, this will be the root path of
    | your application but you are free to change this when necessary.
    |
    */

    'path' => '/',

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Domain
    |--------------------------------------------------------------------------
    |
    | Here you may change the domain of the cookie used to identify a session
    | in your application. This will determine which domains the cookie is
    | available to in your application. A sensible default has been set.
    |
    */

    'domain' => '.'.config('app.domain'),

    /*
    |--------------------------------------------------------------------------
    | HTTPS Only Cookies
    |--------------------------------------------------------------------------
    |
    | By setting this option to true, session cookies will only be sent back
    | to the server if the browser has a HTTPS connection. This will keep
    | the cookie from being sent to you if it can not be done securely.
    |
    */

    'secure' => false,

];

If there is anything else that would be helpful let me know.

Finally got to the bottom of the issue.

It was to do with this line in the session.php config file.

'domain' => '.'.config('app.domain')

This line is getting the domain from the config.php file, which in turn gets it from the .env file.

On Ubuntu, and locally in Homestead, which is also Ubuntu, this works flawlessly.

However, on Red Hat this does not work at all. Altering the line to be 'domain' => '.'.env('APP_DOMAIN') and voilà, all is right with the world and the TokenMismatch has gone.
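
A check for the misconfiguration described in this answer, as an added example that is not part of the original post: it classifies the value the session `domain` option resolved to against the request host, using the RFC 6265 domain-match rule. The function name and host names are hypothetical, and the `'.'` case (what `'.'.config('app.domain')` evaluates to if the lookup returns null) is an assumption about the failing server, not something the post confirms.

```php
<?php
// Added example: hypothetical function name, constructed host names.

/**
 * Classify the session cookie Domain value against the request host using
 * the RFC 6265 domain-match rule (section 5.1.3).
 */
function diagnoseSessionDomain($requestHost, $cookieDomain)
{
    if ($cookieDomain === null || $cookieDomain === '') {
        return 'host-only';   // no Domain attribute is sent at all
    }

    // Browsers drop one leading dot before matching (RFC 6265, section 5.2.3).
    $domain = strtolower($cookieDomain);
    if ($domain[0] === '.') {
        $domain = (string) substr($domain, 1);
    }
    $host = strtolower($requestHost);

    if ($domain === '') {
        return 'unresolved';  // value was just '.', the lookup returned nothing
    }
    if ($host === $domain) {
        return 'ok';
    }

    // A suffix match only counts on a label boundary, and never for IP hosts.
    $suffix = '.' . $domain;
    $isIp = filter_var($host, FILTER_VALIDATE_IP) !== false;
    if (!$isIp && strlen($host) > strlen($suffix)
        && substr($host, -strlen($suffix)) === $suffix) {
        return 'ok';
    }

    return 'rejected';        // the browser discards the Set-Cookie header
}

// Constructed cases: host seen by the app, value the domain option resolved to.
$cases = [
    ['forms.example.test', '.example.test'],  // ok
    ['forms.example.test', '.'],              // unresolved
    ['forms.example.test', '.other.test'],    // rejected
    ['badexample.test',    '.example.test'],  // rejected (no label boundary)
    ['forms.example.test', null],             // host-only
];
foreach ($cases as $case) {
    list($host, $domain) = $case;
    printf("%-20s %-16s %s\n", $host, var_export($domain, true),
        diagnoseSessionDomain($host, $domain));
}
```

When the result is `rejected`, the browser never returns the session cookie, so each request starts a new session and the `_token` rendered on the GET cannot match the one checked on the POST.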
