Laravel 5.1. Token from and session token are different using mobile browser (login action)


Problem description

I have this login form:

<form class="form-horizontal" role="form" method="POST" action="{{ url('/auth/login') }}">
    <input type="hidden" name="_token" value="{{ csrf_token() }}">
    ...

I log in with no problem using a browser from a desktop (IE, Chrome, Firefox, ...), but the problem comes from a mobile device (Android platform).

I get this exception:

TokenMismatchException in VerifyCsrfToken.php line 53.

When I went to VerifyCsrfToken.php I discovered that the token passed from the form and the token taken from the session object are different. But this only happens from my Android phone.

In the function called tokensMatch in the file VerifyCsrfToken.php (link to github) I added this code to see what was happening:

echo '<br>X-CSRF-TOKEN:'.$request->header('X-CSRF-TOKEN');
echo '<br>X-XSRF-TOKEN:'.$request->header('X-XSRF-TOKEN');
echo '<br>token:'.$request->input('_token');
echo '<br>sessionToken:'.$request->session()->token();  

Token and sessionToken are different (the other two values are empty).

Any clues about this? This only happens using a mobile device (two Android devices tested).

UPDATE: I set the token input to text to view the content from the browser. The thing is that on mobile devices, when I refresh the URL [domain.com]/auth/login, the token changes in every call; however, from a desktop browser the token does not change. I think that on mobile devices the session is created and destroyed in every call.

UPDATE 2: I confirm that the problem comes from the changing of the token in every request. I don't know that this happens only from mobile devices.

Recommended answer

Solved.

The problem was a wrong value of the 'domain' key in session.php. On mobile devices, for whatever reason, the cookie policies are more restrictive.

I had this value:

'domain' => env('SESSION_DOMAIN', 'www.[mydomain].com'),

I need to remove www., so this value must be like this:

'domain' => env('SESSION_DOMAIN', '[mydomain].com'),

For whatever reason, from a desktop browser with no special configuration the cookie works with no problem.
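The following is an added example, not code from the original question or answer. RFC 6265 requires a browser to discard a Set-Cookie whose Domain attribute the request host does not domain-match; the simulation below shows a session cookie scoped to www. being dropped when the site is loaded on the bare domain, so every request gets a new session and a new CSRF token. The host names example.test and www.example.test are constructed, and the function names and the in-memory session store are assumptions made for illustration.

```javascript
// RFC 6265 section 5.1.3: does the request host domain-match the cookie domain?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, ''); // a leading dot is ignored
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  // Suffix match only on a label boundary, and never for IP addresses.
  return !isIp && host.endsWith('.' + domain);
}

// RFC 6265 section 5.3: a cookie whose Domain attribute the request host
// does not domain-match is ignored entirely by the user agent.
function browserStores(requestHost, cookieDomain) {
  if (!cookieDomain) return true; // no Domain attribute: host-only cookie
  return domainMatch(requestHost, cookieDomain);
}

// Hypothetical stand-in for a session backend: a request that arrives
// without a known session cookie gets a new session and a new CSRF token.
function simulate(requestHost, cookieDomain, requests) {
  const sessions = new Map();
  let jar = null; // the session cookie the browser kept, if any
  let next = 1;
  const tokens = [];
  for (let i = 0; i < requests; i++) {
    let sid = jar;
    if (!sid || !sessions.has(sid)) {
      sid = 'sess-' + next;
      sessions.set(sid, 'token-' + next);
      next++;
      if (browserStores(requestHost, cookieDomain)) jar = sid;
    }
    tokens.push(sessions.get(sid)); // token rendered into the login form
  }
  return tokens;
}

// Constructed hosts: cookie scoped to www., site loaded on the bare domain.
console.log(simulate('example.test', 'www.example.test', 3));
// Cookie scoped to the bare domain: kept on both host names.
console.log(simulate('example.test', 'example.test', 3));
console.log(simulate('www.example.test', 'example.test', 3));
```

A practical check on a live site is to compare the Domain attribute in the Set-Cookie response header with the host shown in the address bar of the failing browser.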
