[英]Laravel 5.1 Token Mismatch on Login form POST
I'm getting the following error TokenMismatchException in compiled.php line 2930:
我
TokenMismatchException in compiled.php line 2930:
遇到以下错误TokenMismatchException in compiled.php line 2930:
The code is running on a Red Hat server
with php 5.6
i have also tested this on a Ubuntu server
running php 5.5.9
it worked perfectly fine. 代码运行在带有
php 5.6
的Red Hat server
上我也在运行php 5.5.9
的Ubuntu server
上测试了它,它工作得非常好。 It also runs perfectly locally. 它也在当地完美运行。
It seems to create 2 session files in storage/framework/sessions
on the original GET
request which means when the form is sent via POST
the session is then different. 它似乎在原始
GET
请求的storage/framework/sessions
创建了2个会话文件,这意味着当通过POST
发送表单时,会话就会有所不同。
I have checked for 我已经检查过了
session.php
and app.php
session.php
和app.php
配置问题 The strangest thing is why there is 2 session files being generated on the GET
request. 最奇怪的是为什么在
GET
请求上生成了2个会话文件。
As soon as you hit the login button you hit the csrf
middleware saying the tokens don't match. 只要您点击登录按钮,就会点击
csrf
中间件,说明令牌不匹配。
I am using the HTML generator for forms which means the _token
is being set so it doesn't need to happen manually. 我正在为表单使用HTML生成器,这意味着正在设置
_token
,因此不需要手动进行。
Form code 表格代码
{!! Form::open(['action' => 'Auth\AuthController@login']) !!}
<div class="panel">
<div class="panel-title">
Login
</div>
<div class="panel-body">
<div class="grid">
<div class="grid-2-4 grid-prepend-1-4 grid-append-1-4">
@include('shared._errors')
<div class="field">
{!! Form::label('username', 'Employee username') !!}
{!! Form::text('username') !!}
</div>
<div class="field">
{!! Form::label('password', 'Password') !!}
{!! Form::password('password') !!}
</div>
<div class="actions">
{!! Form::submit('Login', ['class' => 'button large']) !!}
</div>
</div>
</div>
</div>
</div>
{!! Form::close() !!}
Session config 会话配置
<?php
return [
/*
|--------------------------------------------------------------------------
| Default Session Driver
|--------------------------------------------------------------------------
|
| This option controls the default session "driver" that will be used on
| requests. By default, we will use the lightweight native driver but
| you may specify any of the other wonderful drivers provided here.
|
| Supported: "file", "cookie", "database", "apc",
| "memcached", "redis", "array"
|
*/
'driver' => env('SESSION_DRIVER', 'file'),
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 45,
'expire_on_close' => true,
/*
|--------------------------------------------------------------------------
| Session Encryption
|--------------------------------------------------------------------------
|
| This option allows you to easily specify that all of your session data
| should be encrypted before it is stored. All encryption will be run
| automatically by Laravel and you can use the Session like normal.
|
*/
'encrypt' => false,
/*
|--------------------------------------------------------------------------
| Session File Location
|--------------------------------------------------------------------------
|
| When using the native session driver, we need a location where session
| files may be stored. A default has been set for you but a different
| location may be specified. This is only needed for file sessions.
|
*/
'files' => storage_path('framework/sessions'),
/*
|--------------------------------------------------------------------------
| Session Database Connection
|--------------------------------------------------------------------------
|
| When using the "database" or "redis" session drivers, you may specify a
| connection that should be used to manage these sessions. This should
| correspond to a connection in your database configuration options.
|
*/
'connection' => null,
/*
|--------------------------------------------------------------------------
| Session Database Table
|--------------------------------------------------------------------------
|
| When using the "database" session driver, you may specify the table we
| should use to manage the sessions. Of course, a sensible default is
| provided for you; however, you are free to change this as needed.
|
*/
'table' => 'sessions',
/*
|--------------------------------------------------------------------------
| Session Sweeping Lottery
|--------------------------------------------------------------------------
|
| Some session drivers must manually sweep their storage location to get
| rid of old sessions from storage. Here are the chances that it will
| happen on a given request. By default, the odds are 2 out of 100.
|
*/
'lottery' => [2, 100],
/*
|--------------------------------------------------------------------------
| Session Cookie Name
|--------------------------------------------------------------------------
|
| Here you may change the name of the cookie used to identify a session
| instance by ID. The name specified here will get used every time a
| new session cookie is created by the framework for every driver.
|
*/
'cookie' => 'geeksquad_form_session',
/*
|--------------------------------------------------------------------------
| Session Cookie Path
|--------------------------------------------------------------------------
|
| The session cookie path determines the path for which the cookie will
| be regarded as available. Typically, this will be the root path of
| your application but you are free to change this when necessary.
|
*/
'path' => '/',
/*
|--------------------------------------------------------------------------
| Session Cookie Domain
|--------------------------------------------------------------------------
|
| Here you may change the domain of the cookie used to identify a session
| in your application. This will determine which domains the cookie is
| available to in your application. A sensible default has been set.
|
*/
'domain' => '.'.config('app.domain'),
/*
|--------------------------------------------------------------------------
| HTTPS Only Cookies
|--------------------------------------------------------------------------
|
| By setting this option to true, session cookies will only be sent back
| to the server if the browser has a HTTPS connection. This will keep
| the cookie from being sent to you if it can not be done securely.
|
*/
'secure' => false,
];
If there is anything else that would be helpful let me know. 如果还有其他任何有用的信息,请告诉我。
Finally got to the bottom of the issue. 终于到了问题的底部。
It was to do with this line in the session.php
config file. 它与
session.php
配置文件中的这一行有关。
'domain' => '.'.config('app.domain')
This line is getting the domain from the config.php
file which in turn gets it from the .env
file. 这一行从
config.php
文件中获取域,然后从.env
文件中获取该域。
Ubuntu and Locally in Homestead which is also Ubuntu this works flawlessly. Ubuntu和家庭中的本地也是Ubuntu,它的工作完美无瑕。
However on Red Hat this does not work at all. 但是在Red Hat上这根本不起作用。 Altering the line to be
'domain' => '.'.env('APP_DOMAIN')
and voilà all is right with the world and the TokenMissmatch has gone. 将行改为
'domain' => '.'.env('APP_DOMAIN')
和'domain' => '.'.env('APP_DOMAIN')
都是正确的世界,TokenMissmatch已经消失了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.