CSRF令牌不匹配Laravel 4 [英] CSRF Token Mismatch Laravel 4
问题描述
这让我发疯.无论是从Laravel表单还是从AJAX,我在每个POST上都收到令牌不匹配的情况.我向过滤器添加了一些代码,向我展示了与_token的会话:
This is driving me crazy. I'm getting token mismatches on each POST whether from a Laravel form or from AJAX. I added some code to the filter to show me the session vs. _token:
Route::filter('csrf', function()
{
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
$token = Input::has('_token') ? Input::get('_token') : '';
$sessionToken = Session::token();
if ($sessionToken != $token)
{
$message = 'Token mismatch';
// This one is for debug purposes only
return Response::json(['flash' => "$message; session: $sessionToken ; yours : $token"], 401);
return Response::json(['flash' => $message], 401);
}
}
});
这是登录表单:
{{ Form::open(array('route' => 'sessions.store')) }}
<div class="form-group">
{{ Form::label('email', 'Email Address') }}
{{ Form::text('email', '', array('placeholder' => 'example@gmail.com', 'class' => 'form-control')) }}
</div>
<div class="form-group">
{{ Form::label('password', 'Password') }}
{{ Form::password('password', array('placeholder' => 'Enter your password', 'class'=>'form-control')) }}
</div>
<div class="form-group">
{{ Form::submit('Sign in', array('class' => 'btn login'))}}
<a href="{{{ URL::to('session/registration') }}}" class="btn signup">Create an Account</a>
</div>
{{ Form::close() }}
例如,登录时,这是我得到的令牌不匹配闪存:
For example when logging in, here is the token mismatch flash I get:
{"flash":"Token mismatch; session: uN3sd8PNWUfgTuqc1RZrRfXgpGpHOEKkCtoo3XVX ; yours : Ybmn6u80rLpxIcGdahd7KT2eR6WmcaPN28arZ9kg"}
当我将app/config/session.php设置为'apc'时,就会发生这种情况.将其设置为本机"或"cookie"时,一切都很好.我已将缓存设置为"apc",这是我们服务器上的缓存引擎.
It's happening when I have app/config/session.php set to 'apc'. All is fine when it's set to 'native' or 'cookie'. I have cache set to 'apc', which is our caching engine on our server.
想法?
推荐答案
您没有通过POST
请求提交_token
.
添加
<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>"
在{{Form::close()}}
http://laravel.com/docs/security#protecting-routes
这篇关于CSRF令牌不匹配Laravel 4的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!