CakePHP 3.6更新后的无限登录循环 [英] Infinite Login Loop after CakePHP 3.6 update
问题描述
。
当我使用URL / manager / login(对应于LoginController,Managerr前缀)登录时,一切正常。
in my application, based on CakePHP, I'm using. When I'm logging in using the URL /manager/login (corresponding to LoginController, Managerr prefix) everything is OK.
当我注销或使用时/ manager结果如下:
When I logout or I use /manager the result is the following:
/manager/login?redirect=%2Fmanager%2Flogin%3Fredirect%3D%252Fmanager%252Flogin%253Fredirect%253D%25252Fmanager%25252Flogin%25253Fredirect%25253D%2525252Fmanager%2525252Flogin%2525253Fredirect%2525253D%252525252Fmanager%252525252Flogin%252525253Fredirect%252525253D%25252525252Fmanager%25252525252Flogin%25252525253Fredirect%25252525253D%2525252525252Fmanager%2525252525252Flogin%2525252525253Fredirect%2525252525253D%252525252525252Fmanager%252525252525252Flogin%252525252525253Fredirect%252525252525253D%25252525252525252Fmanager%25252525252525252Flogin%25252525252525253Fredirect%25252525252525253D%2525252525252525252Fmanager%2525252525252525252Flogin%2525252525252525253Fredirect%2525252525252525253D%252525252525252525252Fmanager%252525252525252525252Flogin%252525252525252525253Fredirect%252525252525252525253D%25252525252525252525252Fmanager%25252525252525252525252Flogin%25252525252525252525253Fredirect%25252525252525252525253D%2525252525252525252525252Fmanager%2525252525252525252525252Flogin%2525252525252525252525253Fredirect%2525252525252525252525253D%252525252525252525252525252Fmanager%252525252525252525252525252Flogin%252525252525252525252525253Fredirect%252525252525252525252525253D%25252525252525252525252525252Fmanager%25252525252525252525252525252Flogin%25252525252525252525252525253Fredirect%25252525252525252525252525253D%2525252525252525252525252525252Fmanager%2525252525252525252525252525252Flogin%2525252525252525252525252525253Fredirect%2525252525252525252525252525253D%252525252525252525252525252525252Fmanager%252525252525252525252525252525252Flogin%252525252525252525252525252525253Fredirect%252525252525252525252525252525253D%25252525252525252525252525252525252Fmanager%25252525252525252525252525252525252Flogin%25252525252525252525252525252525253Fredirect%25252525252525252525252525252525253D%2525252525252525252525252525252525252Fmanager%2525252525252525252525252525252525252Flogin%2525252525252525252525252525252525253Fredirect%2525252525252525252525252525252525253D%252525252525252525252525252525252525252Fmanager%252525252525252525252525252525252525252Fprofile
在查询字符串无限循环并且服务器返回404.15错误。
An infinite loop in query string and the server return a 404.15 error.
3.5中使用的配置相同
Same configuration used in 3.5
$this->loadComponent('Auth', [
'fields' => [
'username' => 'email',
'password' => 'password'
],
'loginAction' => [
'prefix' => 'manager',
'controller' => 'Login',
'action' => 'index',
'plugin' => false
],
'loginRedirect' => [
'prefix' => 'manager',
'controller' => 'Managers',
'action' => 'index',
'plugin' => false
],
'logoutRedirect' => [
'prefix' => 'manager',
'controller' => 'Login',
'action' => 'index',
'plugin' => false
],
'authenticate' => [
'Form' => [
'passwordHasher' => [
'className' => 'DressFinder'
],
'fields' => [
'username' => 'email',
'password' => 'password'
],
'userModel' => 'Managers'
]
],
'authError' => __('You are not authorized to access that location.'),
'storage' => [
'className' => 'Session',
'key' => 'Auth.Managers'
]
]);
未更改任何路由,并且在没有前缀的控制器中,登录/登录操作有效。
No routes has been changed, and in controller without prefixes the login/logut actions work.
感谢您的帮助。
推荐答案
那是一个错误,身份验证组件进行了比较使用当前URL的登录操作包括查询字符串参数,这会导致不匹配,将用户视为未经身份验证的用户,从而触发重定向到登录操作的操作,然后该操作再次开始。
That's a bug, the authentication component compares the login action with the current URL including the query string argument, which causes a mismatch, treating the user as unauthenticated, and thus triggering a redirect to the login action, where the same procedure then starts again.
此问题将在3.6.1中修复,如果您迫不及待,请手动应用补丁,直到新版本可用为止。
This will be fixed in 3.6.1, if you cannot wait, apply the patch manually until the new version is available.
请参阅
- https://github.com/cakephp/cakephp/issues/11943
- https://github.com/cakephp/cakephp/pull/11949
这篇关于CakePHP 3.6更新后的无限登录循环的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
