![](/img/trans.png)
[英]Is it possible to get rid of laravel_session in Set-Cookie of a request?
[英]Laravel: set-cookie on EVERY request
我正在使用Laravel一段時間,但我對一件事有疑問。 Laravel為每個請求設置cookie。 無論用戶是否登錄。
我認為這不是Laravel的正常行為。 用戶登錄后,我們無需為每個請求都為其創建新會話。 我們要不要? 那么,為什么laravel為用戶發送的每個請求生成新的會話和csrf令牌? 並且它也為來賓用戶生成這些會話和令牌,這是完全不必要和無用的。
我怎么能阻止這個?
我使用Laravel 5.2和File作為會話驅動程序。
這是我的路線和中間件的示例:
路線:
<?php
Route::get('/login', 'UserController@login');
Route::post('/login', 'UserController@postLogin');
Route::get('/link/{link}', 'HomeController@link');
$router->group(['middleware' => ['auth']], function() {
Route::get('/', 'HomeController@index');
Route::post('/', 'HomeController@postindex');
Route::get('/home', 'HomeController@index');
Route::post('/home', 'HomeController@postindex');
Route::get('user/{username}', 'UserController@user_info');
Route::post('user/{username}', 'UserController@post_user_info');
Route::get('/logout', 'UserController@logout');
});
$router->group(['middleware' => ['auth', 'role:2']], function() {
Route::get('/tools/register', 'UserController@register');
Route::post('/tools/register', 'UserController@postregister');
Route::get('/tools/users', 'AdminController@users');
Route::post('/tools/users', 'AdminController@post_users');
});
Route::controllers([
'password' => 'Auth\PasswordController',
]);
Kernel.php
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* @var array
*/
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
];
/**
* The application's route middleware.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'role' => \App\Http\Middleware\Role::class,
];
}
我沒有檢查,但是您的路由可能位於默認的“ Web”中間件組中,該組默認具有session / cookies / csrf。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.