当用户会话在Laravel 5.5中过期时自动重定向 [英] Redirect automatically when user session expires in Laravel 5.5

问题描述

我想使用Laravel函数在用户会话到期时自动重定向到我的登录页面. 当用户尝试访问另一个页面并且会话过期时，我会进行重定向. 我设置了一个生存期，该生命期将由于用户的不活动状态而自动注销，并且我想要的是在会话超时时立即重定向.

I want to redirect automatically to my login page when a user session expires using Laravel functions. I do redirect when a user try to access to another page and the session expires. I have set a lifetime which helps to log out automatically because of user's inactivity, and what I want is to redirect instantly when that session timeout.

我尝试使用JavaScript超时，但是当用户一次使用多个页面时，此功能不起作用.

I tried using JavaScript to timeout but this is not functional when the user is using more than one page at time.

我也尝试过使用AJAX，每分钟发送一次请求以检查会话状态，这是可行的，但是当项目在生产中时，有很多请求只是为了检查会话状态而发给服务器的. (这是帮助我完成此

I also tried using AJAX, sending requests to check session status every minute, this works but when the project is in production there's many requests to the server just for checking the session status. (This is the link which helped me for this https://laracasts.com/discuss/channels/laravel/help-is-neededd-on-idle-session-time-out)

现在，我正在尝试通过 unauthenticated()函数使用 App/Exceptions/Handler.php :

Now, I'm trying using App/Exceptions/Handler.php, with the the unauthenticated() function:

protected function unauthenticated($request, AuthenticationException $exception)
{
  if ($request->expectsJson()) {
        return response()->json(['error' => 'Unauthenticated.'], 401);
    }

    return redirect()->guest(route('login'));
}

(在会话到期时将用户重定向到登录页面-Laravel )

最后一个解决方案不起作用，没有错误出现，但绝对没有做任何事情.

This last solution is not working, no error appears but is doing absolutely nothing.

如果可以的话，请告诉我正确的方法.

If is it possible, please tell me the right way to do it.

推荐答案

由于会话具有固定的生命周期，因此您可以将该信息传递给客户端，并让客户端负责查询服务以确定会话到期时间期望会话已过期，因此他们不会一直在查询您的服务的会话状态，而只是在它可能已过期的时间进行查询.

As your sessions have a fixed lifetime you can pass that information to the client and give the client responsibility for querying the service to determine session expiry at the time when you expect the session to have expired so that instead of constantly querying your service for their sessions status, they're only querying when it's likely to have expired.

1. 用户向您的网站发出请求
2. 中间件生成一个时间戳，表示它们的会话将终止的时间点，并将其返回给客户端以作为cookie存储.
3. Javascript在客户端上运行，该客户端从cookie检索其会话到期的时间戳，然后在达到该时间戳时，您检查cookie值是否已更改，如果没有更改，则向您的会话状态端点发出请求以确认他们的会话不再有效
4. 您的会话状态端点返回一个过期状态(触发非活动会话行为)或，它返回一个新的时间戳，您可以使用该时间戳更新cookie，以便该过期时再次重复该过程达到

1. A user makes a request to your website
2. Middleware generates a timestamp representing the point at which their session will expire and returns it to the client to be stored as a cookie
3. Javascript runs on the client that retrieves the timestamp of their session expiry from the cookie and then when that timestamp is reached you check if the cookie value has changed, and if not then a request is made to your session status endpoint to confirm their session is no longer active
4. Your session status endpoint returns either an expired status (which triggers the inactive session behaviour) or it returns a new timestamp which you can then update the cookie with so that the process repeats again when that expiry is reached

个人而言，我不建议在会话期满后自动将某人重定向到登录表单，因为这意味着当他们打开许多页面时，每个页面现在都将是登录表单，这是一个错误的用户经验.许多技术用户会理解，他们可以登录一个页面然后刷新其他页面，但是许多非技术人员则不会，他们相信他们必须在每个页面上输入用户名和密码.

Personally I would not recommend automatically redirecting someone to the login form when their session has expired because it means when they have many pages open each page will now be the log in form which is a bad user experience. Many technical users will understand that they can log in on one page and then refresh the others, however many non-technical people won't and they will believe they have to enter their username and password on every single page.

如果即使在页面加载后您的应用程序仍依赖于活动会话(即，它是使用ajax的单页面应用程序)，则当会话过期时，您应使用您的会话已过期，请再次登录以继续使用此页面"，当他们单击登录"时，您首先要检查他们是否有活动的会话，如果不是，那么您是否重定向到登录表单.这意味着，如果他们打开了许多标签，并且会话期满，那么当他们返回这些标签并单击登录"按钮时，其页面使用将立即恢复.这是更好的用户体验.

If your application depends on an active session even after page load -- i.e it's a single page application that uses ajax -- then when the session expires you should disable the page with a modal that says "Your session has expired, please log in again to continue using this page" and when they click login you first check if they've got an active session and if not only then do you redirect to the log in form. This means that if they have many tabs open and their session expires, when they return to those tabs and click the "log in" button their page use immediately resumes. This is a much better user experience.

这篇关于当用户会话在Laravel 5.5中过期时自动重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！