Multiple session cookies created for the same Laravel app

I have a Laravel 5.2 app laying on a domain like this: https://www.example.com.

The laravel_session cookie is configured to use the dot notation (to include subdomains):

config/session.php:

'cookie' => 'laravel_session',
'path' => '/',
'domain' => env('SESSION_COOKIE_DOMAIN', null)

.env file on the server:

SESSION_COOKIE_DOMAIN=.example.com

I'm using the database as the session driver.

Now, there are cases when the session cookie gets duplicated, and in the cookie list I can see entries like these:

  • laravel_session, domain: .example.com
  • laravel_session, domain: .www.example.com

The same thing happens with the Facebook session cookies, when a user used Facebook to authenticate:

  • fbm_123456, domain: .example.com
  • fbm_123456, domain: .www.example.com

In both cases, the expiry dates on the duplicated cookies are different.

This cookie duplication causes problems with authentication - some users try to log in, but get redirected back to the homepage, with the auth state unchanged.

I can't seem to reproduce the issue, or rather what's causing it. I think, though, it may be linked to Laravel session expiring, or to logging the user in via the remember-me token.

Does anyone have an idea why the cookies would be duplicated?

UPDATE:

Actually, I realize now that the only difference between our other Laravel project and this one is that here we explicitly set the laravel_session domain (to .example.com). May be a lead.

To anyone having a similar problem: we solved it actually easily after we realized we could specify the session cookie name ourselves, per (sub)domain.

So, we adjusted the config/session.php cookie key:

'cookie' => env('SESSION_COOKIE_NAME', 'laravel_session')

and then we set the SESSION_COOKIE_NAME variable in respective .env files, like this:

# subdomainA.example.com
SESSION_COOKIE_NAME=subdomainA_session

or

# subdomainB.example.com
SESSION_COOKIE_NAME=subdomainB_session

etc.

Hope this helps.
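An added example, not part of the original posts or of Laravel: a minimal JavaScript model of how a browser stores and returns cookies (RFC 6265), showing why one name set with two Domain values yields two entries and how duplicate names in a request can be flagged. The function names, the AAA/BBB values and the two Set-Cookie lines are constructed for illustration.

```javascript
// Added example: minimal model of browser cookie storage (RFC 6265, section 5.3).
// A stored cookie is identified by name + domain + path, so one name set with
// two different Domain values becomes two entries. Path matching and the check
// that Domain covers the request host are omitted (constructed samples use "/").

// Parse one Set-Cookie value received in a response from requestHost.
function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: requestHost.toLowerCase(), hostOnly: true, path: '/' };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    if (k.toLowerCase() === 'domain' && v) {
      cookie.domain = v.replace(/^\./, '').toLowerCase(); // leading dot is ignored
      cookie.hostOnly = false; // an explicit Domain also covers subdomains
    } else if (k.toLowerCase() === 'path' && v) {
      cookie.path = v;
    }
  }
  return cookie;
}

function store(jar, header, requestHost) {
  const c = parseSetCookie(header, requestHost);
  jar.set(`${c.name}|${c.domain}|${c.path}`, c); // same key replaces, new key adds
}

// Cookies the browser would attach to a request for `host`.
function cookiesFor(jar, host) {
  return [...jar.values()].filter((c) =>
    c.hostOnly ? host === c.domain
               : host === c.domain || host.endsWith('.' + c.domain));
}

// Names that occur more than once among the cookies sent to `host`.
function duplicateNames(jar, host) {
  const counts = new Map();
  for (const c of cookiesFor(jar, host)) counts.set(c.name, (counts.get(c.name) || 0) + 1);
  return [...counts].filter(([, n]) => n > 1).map(([name]) => name);
}

// Constructed sample: two responses on www.example.com set the same cookie name
// with different Domain attributes, matching the cookie list in the question.
const jar = new Map();
store(jar, 'laravel_session=AAA; Domain=.example.com; Path=/', 'www.example.com');
store(jar, 'laravel_session=BBB; Domain=.www.example.com; Path=/', 'www.example.com');
console.log(duplicateNames(jar, 'www.example.com'));
```

With a distinct cookie name per subdomain, as in the answer above, both cookies can still reach a host under .example.com, but no name repeats.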

Regenerating the session after login solved the problem.

session()->regenerate();
