Laravel TokenMismatchException session timeout


Problem description

I am running into an issue where when a user sits idle for more than 24 hours (my session timeout), or leaves the site and then comes back after 24 hours, they are not being logged out of the site, but their session is being expired, or at least their _token is no longer valid.

This causes unwanted behavior as if the user submits a form after their _token has expired and they now receive a TokenMismatchException.

Locally it seems that when the idle time exceeds the session lifetime the user is logged out, however in production on the live server this is not the case, the idle time can surpass the session lifetime and yet the user is still logged in and Auth::check() and Auth::user() both function as expected if a user were logged in.

What would cause the user to not be logged out, even though their session has expired?

Is there a way I can check that the session has expired so that I can then manually log the user out with a message asking them to log back in?

I have tried to use the App::before filter to check the last_activity on the session and determine if it has expired, but once the session has expired I no longer have access to it as it has been removed from the database, therefore I cannot compare the timestamps to determine if the user needs to be manually logged out and prompted to log in again.

My session config:

'driver' => 'database',
'lifetime' => 1440,
'expire_on_close' => false,

Thanks.

Recommended answer

I've also been struggling to find a solution to this problem for a long time. Everything goes fine 95% of the time, but some AJAX requests randomly die with this Illuminate\Session\TokenMismatchException error.

Just now I deployed a quick-and-dirty fix -- I put this piece of code into the layout:

setInterval(function () {
  $.get(window.location.origin + '/keepSessionAlive')
    .fail(function(response) {
      Sentry.trackError(
        'KeepSessionAlive request failed. ' +
        'Response: ' + JSON.stringify(response)
      );
    });
}, 300000);

As dumb as it looks, it simply sends a request to the server every 5 minutes to make sure the session is kept alive.

(The /keepSessionAlive endpoint is under the web middleware group and just returns { success: true })

Hope it will make a difference :)
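
A timer that pings every 5 minutes keeps the session alive for as long as a tab stays open, so the 1440-minute idle lifetime from the question never elapses on an unattended browser. The following is an added example, not part of the original answer: a keep-alive that pings only while the user has been active recently. The 30-minute idle cap, the /login route and treating HTTP 401/419 as "session gone" are assumptions.

```javascript
// Added example: keep-alive that stops once the user has been idle too long.
// maxIdleMs, the /login route and the 401/419 handling are assumptions.
function createKeepAlive({ ping, onExpired, maxIdleMs, now = Date.now }) {
  let lastActivity = now();
  let expired = false;

  function expire() {
    if (expired) return;
    expired = true;
    onExpired();
  }

  return {
    // Call from real user input only, never from the timer itself.
    recordActivity() {
      if (!expired) lastActivity = now();
    },
    // Call on an interval. Returns 'pinged' or 'expired'.
    tick() {
      if (expired) return 'expired';
      if (now() - lastActivity > maxIdleMs) {
        expire(); // idle too long: let the server-side session lapse
        return 'expired';
      }
      // ping() yields an HTTP status; 401/419 are treated as "session gone".
      Promise.resolve(ping()).then(
        (status) => { if (status === 401 || status === 419) expire(); },
        () => {} // transient network error: try again on the next tick
      );
      return 'pinged';
    },
    isExpired: () => expired,
  };
}

// Browser wiring (skipped outside a browser).
if (typeof window !== 'undefined') {
  const keepAlive = createKeepAlive({
    maxIdleMs: 30 * 60 * 1000, // assumed idle cap
    ping: () => fetch('/keepSessionAlive', { credentials: 'same-origin' })
      .then((res) => res.status),
    onExpired: () => { window.location.href = '/login'; }, // assumed route
  });
  ['click', 'keydown', 'scroll'].forEach((evt) =>
    window.addEventListener(evt, keepAlive.recordActivity, { passive: true }));
  setInterval(keepAlive.tick, 300000); // same 5-minute period as the answer
}
```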
