Laravel: user logs out after session has expired

I'm using Laravel 5.5 and the regular provided authentication.

Situation: The user leaves his computer for 2 hours (the default session timeout) and before leaving the office, he clicks on Logout.

Problem: The user gets the following error:

The page has expired due to inactivity. Please refresh and try again.

Refreshing the page has no effect. The same message is displayed again.

With Laravel 5.4, I had the following error:

TokenMismatchException in VerifyCsrfToken.php (line 68)

The link for logout is in the layout app.blade.php and hasn't been changed:

<li>
    <a href="{{ route('logout') }}"
       onclick="event.preventDefault();
                document.getElementById('logout-form').submit();">
        <span class="glyphicon glyphicon-off"></span>
        Logout
    </a>

    <form id="logout-form" action="{{ route('logout') }}" method="POST" style="display: none;">
        {{ csrf_field() }}
    </form>
</li>

Question: How can I avoid the CSRF validation when the user clicks on logout?

I've just added an exception in App\Http\Middleware\VerifyCsrfToken.php

/**
 * The URIs that should be excluded from CSRF verification.
 *
 * @var array
 */
 protected $except = [
    'logout'
 ];

Ajay Deepak Kumar and Omisakin Oluwatobi are right. This makes the website vulnerable.
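
One way to keep CSRF verification on the logout route and still avoid the error page, shown as an added example that is not part of the original post: leave `$except` empty and catch the `TokenMismatchException` in `app/Exceptions/Handler.php`. It assumes the default `login` route name registered by `Auth::routes()`.

```php
<?php

namespace App\Exceptions;

use Exception;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Session\TokenMismatchException;

class Handler extends ExceptionHandler
{
    /**
     * Render an exception into an HTTP response.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Exception  $exception
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function render($request, Exception $exception)
    {
        if ($exception instanceof TokenMismatchException && $request->is('logout')) {
            // The logout form was submitted with a missing or stale token,
            // typically because the session timed out while the page was open.
            // The request is NOT processed as a logout: a forged cross-site
            // POST against a live session leaves that session untouched.
            // Assumption: a route named 'login' exists (Auth::routes() default).
            // A guest lands on the login form; a user who is still
            // authenticated is sent on by the guest middleware.
            return redirect()->route('login');
        }

        // Every other token mismatch keeps the framework's default handling
        // (the "page has expired" response in Laravel 5.5).
        return parent::render($request, $exception);
    }
}
```

With this in place the VerifyCsrfToken middleware still rejects the request; only the response shown for a rejected logout changes.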
