[英]Laravel cookie storage gets exceeded after every few visits
I have got a bit of a problem with laravel's remember me
functionality.我对 laravel 的
remember me
功能有点问题。 Normally, laravel adds a session cookie , an xsrf token and a 3rd cookie with a random hash value.通常,laravel 添加一个session cookie 、一个xsrf 令牌和一个带有随机 hash 值的第三个 cookie 。 (Pic below)
(下图)
When I follow the normal login-do stuff-logout-repeat procedure, everything works fine.当我按照正常的 login-do stuff-logout-repeat 程序进行操作时,一切正常。 No extra cookies are added.
没有添加额外的 cookies。
If I login, close the browser and then visit the site again, there's another cookie that gets added.如果我登录,关闭浏览器,然后再次访问该站点,就会添加另一个 cookie。 This one looks like the 3rd cookie.
这个看起来像第三块饼干。 On repeating this particular flow, I see there's a major cookie bloat.
在重复这个特定的流程时,我看到有一个主要的 cookie 膨胀。 I'm not even sure all of those gets used.
我什至不确定所有这些都会被使用。 (Pic below)
(下图)
When I check remember me
while logging in, another remember_me token gets added.当我在登录时检查
remember me
时,会添加另一个remember_me令牌。 When I close the browser window and visit the site again, I'm logged in automatically.当我关闭浏览器 window 并再次访问该站点时,我会自动登录。 Similar to above scenario, when I repeat this procedure a few times, more and more cookies get added.
与上述情况类似,当我重复此过程几次时,会添加越来越多的 cookies。 (Pic below)
(下图)
Eventually, I get an error saying最终,我收到一条错误消息
Bad request Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.
Cookie
The site doesn't even open after that, unless I manually clear out the cookies.在那之后网站甚至没有打开,除非我手动清除 cookies。
My question is how can I delete the older cookies when I go through the above scenarios?我的问题是,当我通过上述方案 go 时,如何删除旧的 cookies? Is there any way Laravel takes care of this that I possibly be missing?
Laravel 有什么办法可以解决我可能遗漏的问题吗? Is there any way to delete the older cookie when a new one is getting generated on every visit?
当每次访问都会生成一个新的 cookie 时,有什么方法可以删除旧的 cookie?
The only question that comes closest to mine is this one , but the answer didn't work for me.唯一最接近我的问题是这个,但答案对我不起作用。
I'm using Laravel's AuthController
and my session.php
looks like so:我正在使用 Laravel 的
AuthController
和我的session.php
看起来像这样:
<?php
return [
/*
|--------------------------------------------------------------------------
| Default Session Driver
|--------------------------------------------------------------------------
|
| This option controls the default session "driver" that will be used on
| requests. By default, we will use the lightweight native driver but
| you may specify any of the other wonderful drivers provided here.
|
| Supported: "file", "cookie", "database", "apc",
| "memcached", "redis", "array"
|
*/
'driver' => env('SESSION_DRIVER'),
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 120,
'expire_on_close' => true,
/*
|--------------------------------------------------------------------------
| Session Encryption
|--------------------------------------------------------------------------
|
| This option allows you to easily specify that all of your session data
| should be encrypted before it is stored. All encryption will be run
| automatically by Laravel and you can use the Session like normal.
|
*/
'encrypt' => true,
/*
|--------------------------------------------------------------------------
| Session File Location
|--------------------------------------------------------------------------
|
| When using the native session driver, we need a location where session
| files may be stored. A default has been set for you but a different
| location may be specified. This is only needed for file sessions.
|
*/
'files' => storage_path('framework/sessions'),
/*
|--------------------------------------------------------------------------
| Session Database Connection
|--------------------------------------------------------------------------
|
| When using the "database" or "redis" session drivers, you may specify a
| connection that should be used to manage these sessions. This should
| correspond to a connection in your database configuration options.
|
*/
'connection' => null,
/*
|--------------------------------------------------------------------------
| Session Database Table
|--------------------------------------------------------------------------
|
| When using the "database" session driver, you may specify the table we
| should use to manage the sessions. Of course, a sensible default is
| provided for you; however, you are free to change this as needed.
|
*/
'table' => 'sessions',
/*
|--------------------------------------------------------------------------
| Session Sweeping Lottery
|--------------------------------------------------------------------------
|
| Some session drivers must manually sweep their storage location to get
| rid of old sessions from storage. Here are the chances that it will
| happen on a given request. By default, the odds are 2 out of 100.
|
*/
'lottery' => [2, 100],
/*
|--------------------------------------------------------------------------
| Session Cookie Name
|--------------------------------------------------------------------------
|
| Here you may change the name of the cookie used to identify a session
| instance by ID. The name specified here will get used every time a
| new session cookie is created by the framework for every driver.
|
*/
'cookie' => 'zpz_session',
/*
|--------------------------------------------------------------------------
| Session Cookie Path
|--------------------------------------------------------------------------
|
| The session cookie path determines the path for which the cookie will
| be regarded as available. Typically, this will be the root path of
| your application but you are free to change this when necessary.
|
*/
'path' => '/',
/*
|--------------------------------------------------------------------------
| Session Cookie Domain
|--------------------------------------------------------------------------
|
| Here you may change the domain of the cookie used to identify a session
| in your application. This will determine which domains the cookie is
| available to in your application. A sensible default has been set.
|
*/
'domain' => null,
/*
|--------------------------------------------------------------------------
| HTTPS Only Cookies
|--------------------------------------------------------------------------
|
| By setting this option to true, session cookies will only be sent back
| to the server if the browser has a HTTPS connection. This will keep
| the cookie from being sent to you if it can not be done securely.
|
*/
'secure' => false,
];
Cookie Header has a limit of 4096 bytes ( https://stackoverflow.com/a/52492934/49114 ) and you get this error because encrypted cookies are very large, and every created cookie will add more and more bytes to cookie header. Cookie Header 的限制为 4096 字节( https://stackoverflow.com/a/52492934/49114 ),您会收到此错误,因为加密的 cookie 非常大,并且每个创建的 cookie 都会向 cookie 头添加越来越多的字节。
Possible solutions:可能的解决方案:
'encrypt' => false,
and avoid to store sensible information into cookies.'encrypt' => false,
禁用 cookie 加密'encrypt' => false,
并避免将敏感信息存储到 cookie 中。Had same problem and finally realized that I have misconfigured.env in these lines:有同样的问题,最后意识到我在这些行中配置了错误的.env:
SESSION_DOMAIN=.mydomain.sk
SANCTUM_STATEFUL_DOMAINS=mydomain.sk
should be:应该:
SESSION_DOMAIN=.mydomain.sk
SANCTUM_STATEFUL_DOMAINS=.mydomain.sk
These comments were helpful: https://github.com/laravel/framework/issues/31442这些评论很有帮助: https://github.com/laravel/framework/issues/31442
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.