Fully disable cookies in Laravel 4 API


Problem description

I am using Laravel to build a RESTful API. I use Basic HTTP Auth (Authenticate header), with this filter:

Route::filter('auth', function()
{
    $credentials = ['email' => Request::getUser(), 'password' => Request::getPassword()];

    if (!Auth::once($credentials)) {
        $response   = ['error' => true, 'message' => 'Unauthorized request'];
        $code       = 401;
        $headers    = ['WWW-Authenticate' => 'Basic'];

        return Response::json($response, $code, $headers);
    }
});

It works, but Laravel then tries to set a cookie for the user (sending a Set-Cookie header). I tried setting the session.driver configuration key to array, only to see it now sends a Set-Cookie: laravel_session=deleted thingy.

How can I fully disable this Set-Cookie header?

Thank you.

Recommended answer

For stateless APIs, no cookies and clean headers the following works:

Route::filter('auth.basic', function()
{
    Config::set('session.driver', 'array');
    return Auth::onceBasic();
});

Note that the above is using Auth::onceBasic() which for some reason still sends the "Set-Cookie" header. According to the docs onceBasic auth is stateless; perhaps the cookie is sent for information purposes, is a side-effect of debug mode, or maybe it's a bug. Either way Config::set(...) is still required. A quick curl on routes with this filter returns the following headers:

HTTP/1.1 200 OK
Date: Wed, 12 Feb 2014 02:34:26 GMT
Server: Apache/2.4.6 (Ubuntu)
X-Powered-By: PHP/5.5.3
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: application/json

Auth::onceBasic() seems like a good approach for a stateless REST API. Each client request is authenticated and no session cookies are used in this approach.

NB: Other routes not caught by the above filter will still set cookies (and send the "Set-Cookie" header). So this solution works for the common situation of both stateless API & stateful web access/admin.
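
The answer verifies its result with a quick curl; the script below turns that into a repeatable check (an added example, not part of the original answer). The function names, the placeholder variables in the comment and both sample responses are constructed here; the second sample reuses headers the answer reports.

```bash
# Added example. Reads an HTTP response header dump on stdin, e.g. from
#   curl -s -o /dev/null -D - -u "$API_USER:$API_PASS" "$API_URL"
# (API_USER, API_PASS and API_URL are placeholders, not values from the page).

# Print the name of every cookie the response sets, one per line.
cookie_names() {
    tr -d '\r' | awk '
        body { next }                      # ignore anything after the headers
        /^$/ { body = 1; next }            # blank line ends the header block
        tolower($0) ~ /^set-cookie:/ {     # header names are case-insensitive
            sub(/^[^:]*:[ \t]*/, "")       # drop "Set-Cookie:"
            sub(/=.*/, "")                 # keep the cookie name only
            print
        }'
}

# Succeed only if the response sets no cookies; otherwise name them on stderr.
is_cookie_free() {
    names=$(cookie_names)
    [ -z "$names" ] && return 0
    printf 'Set-Cookie still sent for:\n%s\n' "$names" >&2
    return 1
}

# Constructed sample: the symptom from the question (cookie attributes assumed).
SAMPLE_WITH_COOKIE=$(printf '%s\r\n' \
    'HTTP/1.1 200 OK' \
    'Content-Type: application/json' \
    'Set-Cookie: laravel_session=deleted; path=/; httponly' '')

# Sample built from the headers the answer reports after the fix.
SAMPLE_CLEAN=$(printf '%s\r\n' \
    'HTTP/1.1 200 OK' \
    'Cache-Control: no-cache' \
    'X-Frame-Options: SAMEORIGIN' \
    'Content-Type: application/json' '')

for sample in "$SAMPLE_WITH_COOKIE" "$SAMPLE_CLEAN"; do
    if printf '%s\n' "$sample" | is_cookie_free; then
        echo "stateless: no Set-Cookie header"
    else
        echo "stateful: response sets a cookie"
    fi
done
```

Run against both a filtered API route and an ordinary web route, it shows which responses still carry a session cookie.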
