laravel和来自同一浏览器的多会话 [英] laravel and multi-sessions from the same browser

问题描述

在我们的Web应用程序中，如果我使用单个浏览器，则以用户A身份登录到我们的应用程序，打开另一个选项卡并以用户B身份登录-用户A丢失了他的会话数据.我认为这是由于与用户代理共享的Cookie所致.有没有办法用用户名来连接其名称?以便会话可以在同一台计算机上使用同一浏览器的并发登录用户之间共存?

In our web app, If I use a single browser, login to our application as user A, open another tab and login as user B - User A loses his session data. I assume this is due to a shared cookie made out with the user-agent. Is there a way to concat its name with a username? so that sessions can co-exist between concurrent logged in users using the same browser on the same machine?

我们使用Laravel5.有没有解决的办法?

We use Laravel 5. Is there any way around it?

推荐答案

Laravel会话背景

会话

跳过此部分以快速简便地解决问题

在Laravel中，会话cookie是通过Illuminate\Session\SessionManager类(即通过buildSession方法)创建的:

In Laravel, session cookies are created via the Illuminate\Session\SessionManager class, namely through the buildSession method:

SessionManager :: buildSession

protected function buildSession($handler)
{
    if ($this->app['config']['session.encrypt']) {
        return new EncryptedStore(
            $this->app['config']['session.cookie'], $handler, $this->app['encrypter']
        );
    } else {
        return new Store($this->app['config']['session.cookie'], $handler);
    }
}

在这种方法中，我们可以清楚地看到会话的名称来自我们的config\session.php，尤其是这一行:

In this method we can clearly see that the name of the session comes from our config\session.php, looking in particular this line:

session.php

'cookie' => 'laravel_session', # ~~ ln 121 at time of writing

好吧，但这没什么用，改变它，将它改变到任何地方，正如配置中注释的注释所指出的那样.

Ok, but that doesn't help a lot, changing this, changes it everywhere, as noted by the comment proceeding it in the config.

每次使用新的会话Cookie时，都会使用此处指定的名称 由框架为每个驱动程序创建.

The name specified here will get used every time a new session cookie is created by the framework for every driver.

即使我们可以传递一些动态值，例如:

And even if we could pass it some dynamic value, something like:

'cookie' => 'laravel_session' . user()->id,

这会创建一个矛盾的，以时间结尾的，宇宙内爆的结果，因为您是从user请求id的，而通过session名称laravel_session查找的session可以访问id..(mindblown )

This creates a paradoxical, time ending, universe imploding outcome because you are requesting the id from the user which is accessed via the session looked up by the cookie name laravel_session.. (mindblown)

让我们离开SessionManager，而它是单独的session.php配置.从上方我们可以看到，无论我们如何处理，所有会话信息都将归入单个laravel_session键.

Let's leave SessionManager and it's session.php configuration alone. We can see from above that regardless of how we approach this, all our session info will be fall under that single laravel_session key.

也许Guard会提供更多信息.

Maybe Guard will have some more information.

Guard是您对应用程序进行身份验证的关键，也是使Laravel能够快速创建应用程序的原因之一.

Guard is your key to auth into your app, and one of the many things that makes Laravel awesome for quickly creating applications.

要查看的方法是Guard::user().

Guard::user()在进行一些初始缓存并注销检查后，要做的第一件事就是会话检查.

One of the first things Guard::user() does after some initial cache and logged out checking, is a session check.

Guard :: user()

$id = $this->session->get($this->getName()); 

因此，在这里，Laravel正在获取与getName()的结果匹配的会话值-太棒了-我们需要做的只是mod getName()返回一个值，让我们来研究一下该方法:

So here, Laravel is fetching the session values that match the result of getName() - awesome - all we need to do is mod getName() to return a value, let's take a took at that method:

Guard :: getName()

public function getName()
{
    return 'login_'.md5(get_class($this));
}

这很简单. $this指的是Guard类，因此md5实际上将始终是相同的(如果有人知道md5后面的为什么"，其类名每次都相同，请发表评论).

That's pretty straight forward. $this refers to the Guard class, so the md5 will effectively always be the same (if anyone knows the 'why' behind md5'ing the class name which would be the same each time, leave a comment).

在一些地方应该对此进行更新，例如getRecallerName.

There are a few places where this should be updated, such as getRecallerName.

因此，从这里开始，您可以扩展核心Guard类，并在您的getName和getRecallerName方法中进行拼接.

So from here, you can extend the core Guard class and splice in your getName and getRecallerName methods.

您可能希望为此包装一些服务提供商，编写一些单元测试，甚至可能覆盖原始身份验证管理器.

You will probably want to wrap some service provider around this, write some unit tests, possibly even overwrite the original auth manager.

天哪，这似乎是很多工作"

"Geez, that seems like a lot of work"

确定是比利，确定是"

"It sure is Billy, it sure is"

https://www.youtube.com/watch?v=dTxQ9yhGnAg

请参阅下一部分

Ollie Read已经创建了一个解决方案，可以在这里找到:

Ollie Read has already created a solution, found here:

https://github.com/ollieread/multiauth

我鼓励您看一下，尤其是自定义Guard类，该类使用自定义getName方法扩展了核心Guard.

I encourage you to have a look, especially the custom Guard class which extends core Guard with custom getName methods.

这篇关于laravel和来自同一浏览器的多会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！