CSRF令牌不匹配Laravel 4 [英] CSRF Token Mismatch Laravel 4

问题描述

这让我发疯.无论是从Laravel表单还是从AJAX，我在每个POST上都收到令牌不匹配的情况.我向过滤器添加了一些代码，向我展示了与_token的会话:

This is driving me crazy. I'm getting token mismatches on each POST whether from a Laravel form or from AJAX. I added some code to the filter to show me the session vs. _token:

Route::filter('csrf', function()
{
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {

    $token = Input::has('_token') ? Input::get('_token') : '';
    $sessionToken = Session::token();

    if ($sessionToken != $token)
    {
        $message = 'Token mismatch';

        // This one is for debug purposes only
        return Response::json(['flash' => "$message; session: $sessionToken ; yours : $token"], 401);

        return Response::json(['flash' => $message], 401);
    }
  }
  });

这是登录表单:

        {{ Form::open(array('route' => 'sessions.store')) }}

        <div class="form-group">
            {{ Form::label('email', 'Email Address') }}
            {{ Form::text('email', '', array('placeholder' => 'example@gmail.com', 'class' => 'form-control')) }}
        </div>

        <div class="form-group">
            {{ Form::label('password', 'Password') }}
            {{ Form::password('password', array('placeholder' => 'Enter your password', 'class'=>'form-control')) }}
        </div>

        <div class="form-group">
            {{ Form::submit('Sign in', array('class' => 'btn login'))}}

            <a href="{{{ URL::to('session/registration') }}}" class="btn signup">Create an Account</a>
        </div>

    {{ Form::close() }}

例如，登录时，这是我得到的令牌不匹配闪存:

For example when logging in, here is the token mismatch flash I get:

{"flash":"Token mismatch; session: uN3sd8PNWUfgTuqc1RZrRfXgpGpHOEKkCtoo3XVX ; yours : Ybmn6u80rLpxIcGdahd7KT2eR6WmcaPN28arZ9kg"}

当我将app/config/session.php设置为'apc'时，就会发生这种情况.将其设置为本机"或"cookie"时，一切都很好.我已将缓存设置为"apc"，这是我们服务器上的缓存引擎.

It's happening when I have app/config/session.php set to 'apc'. All is fine when it's set to 'native' or 'cookie'. I have cache set to 'apc', which is our caching engine on our server.

想法?

推荐答案

您没有通过POST请求提交_token.

添加

  <input type="hidden" name="_token" value="<?php echo csrf_token(); ?>"

在{{Form::close()}}

http://laravel.com/docs/security#protecting-routes

这篇关于CSRF令牌不匹配Laravel 4的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！