使用AJAX时未加密Laravel会话cookie [英] Laravel session cookie not encrypted when using AJAX

问题描述

我将为我的应用程序创建一个单点登录界面.另一个应用程序发送AJAX POST请求，然后我对用户进行身份验证并返回响应.已设置会话cookie，但未加密.

I'm about to create a single-sign-on interface for my app. The other app sends an AJAX POST request and I authenticate the user and return a response. A session cookie is beeing set, but it is not encrypted.

相关代码

$user = User::where('email', $email)->first();
if ($user) {
  Auth::login($user);
  return response("OK", 200);
}

我在Kernel.php中的"api"部分

My 'api' part in Kernel.php

'api' => [
    'throttle:60,1',
    'bindings',
    \Illuminate\Session\Middleware\StartSession::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    \App\Http\Middleware\EncryptCookies::class,
],

我的路线(没有其他中间件)

My route (no additional Middleware)

Route::post(
  '/auth-request', [
  'uses' => 'UserController@post_authenticateRequest',
  'as' => 'authrequest'
]);

Kernel.php中的EncryptCookies类似乎对AJAX发布请求没有任何影响-而是仅对会话部分有效.当我手动添加Cookie

The EncryptCookies class in Kernel.php doesn't seem to have any effect in the AJAX post request - but only for the session part. When I manually add a cookie like

response("OK", 200)->cookie("mysession", Session::getId(), 60);

它已加密！

当我完全删除Kernel.php中针对"api"和"web"的EncryptCookies时，从AJAX请求创建的会话将正确加载-但不再进行加密.

When I completely remove EncryptCookies in Kernel.php for both "api" and "web" the created session from the AJAX request is loaded correctly - but without encryption anymore.

如何加密AJAX会话Cookie?我还需要其他中间件吗?

How do I get the AJAX session cookie beeing encrypted? Do I need any other Middleware?

感谢您的帮助.

推荐答案

从lagbox中读取注释后，我在"api"部分尝试了几个EncryptCookies :: class定义的地方.我不仅需要将其放置在StartSession之前，而且还需要将其放置为第一个元素.现在就可以了！

After reading the comment from lagbox, I've tried several places for the EncryptCookies::class definition in my "api" part. I need to place it not only before StartSession but as the first element. And now it works!

我在Kernel.php中完整的$ middlewareGroups部分现在看起来像这样:

My complete $middlewareGroups part in Kernel.php now looks like this:

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \App\Http\Middleware\App::class,
    ],

    'api' => [
        \App\Http\Middleware\EncryptCookies::class,
        'throttle:60,1',
        'bindings',
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    ],
];

希望这对您有所帮助.

这篇关于使用AJAX时未加密Laravel会话cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！