如何在Laravel中为每个用户请求生成新的CSRF令牌? [英] How to generate new CSRF Token for each user request in Laravel?
问题描述
我想为每个请求用户生成新的CSRF令牌.我确实知道此技术不好,并且不允许用户同时发出请求.但是我仍然希望实现它.
Im suppose to generate new CSRF token for each request user make. I do understand this technique is not good and it wont allow user to make simultaneous request. But still I wish to implement it.
我在 Middleware/VerifyCsrfToken 中具有覆盖功能 addCookieToResponse .通过添加 $ request-> session()-> regenerateToken().
I have override function addCookieToResponse in Middleware/VerifyCsrfToken. By adding $request->session()->regenerateToken().
protected function addCookieToResponse($request, $response)
{
$config = config('session');
$request->session()->regenerateToken();
$response->headers->setCookie(
new Cookie(
'XSRF-TOKEN', $request->session()->token(), $this->availableAt(60 * $config['lifetime']),
$config['path'], $config['domain'], $config['secure'], $config['http_only'], false, $config['same_site'] ?? null
)
);
return $response;
}
令牌不断变化,但是在POST请求期间,由于 csrf_token()令牌过旧,我收到TokenMismatchExcemption.似乎在addCookieToResponse()之前调用了crsf_token().有没有更好的方法来实现这项技术?
The token keep changing but during POST request I receive TokenMismatchExcemption due to csrf_token() token to be old.It seems crsf_token() is called before addCookieToResponse(). Is there any better way to implement this technique?
推荐答案
您想要实现的目标有点怪异,但我像一个中间件那样思考:
Well its a bit weird what you're trying to achieve but i think about this like an after middleware:
$response = $next($request); // process petition
$request->session()->regenerateToken(); // regenerate token
return $response; // send response
请分享结果
这篇关于如何在Laravel中为每个用户请求生成新的CSRF令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!