由于SESSION_DOMAIN,laravel无法登录 [英] laravel unable to login because of SESSION_DOMAIN
问题描述
我在.env中设置了SESSION_DOMAIN ="example.com"
现在我无法使用正确的电子邮件和密码登录帐户.
有人遇到这个问题吗?
所有遇到此错误的人.
当您更改SESSION_DOMAIN env变量时,Laravel将发出新的cookie,但旧的cookie仍在浏览器的内存中.当请求来自浏览器到Laravel应用时,旧的cookie具有优先权,因此您无法登录.
解决方案是从浏览器中删除旧的cookie(那些没有任何域注册的cookie,因此会转移到实际的应用程序主机中).
此错误通常会咬住那些想要添加多个子域持久性登录名的用户.更糟糕的是,当您已经将应用程序投入生产时,所有客户也将遭受这个问题的困扰.在完全清除cookie之前,没有人能够登录(不仅如此,而且主要是登录)您的应用程序.
我通过添加中间件解决了这个问题,该中间件对我有用:
<?php命名空间App \ Http \ Middleware;使用闭包;使用Illuminate \ Support \ Facades \ Cookie;ForgotOldSessionCookies类{/***处理传入的请求.** @param \ Illuminate \ Http \ Request $ request** @返回混合*/公共功能句柄($ request,闭包$ next){Cookie :: queue(new \ Symfony \ Component \ HttpFoundation \ Cookie('laravel_session',null,now()-> subYear(1)-> timestamp,'/'));Cookie :: queue(new \ Symfony \ Component \ HttpFoundation \ Cookie('XSRF-TOKEN',null,now()-> subYear(1)-> timestamp,'/'));返回$ next($ request);}} 请注意,当您仅使用此功能时:
Cookie :: queue(Cookie :: make('laravel_session',null,-6000,'/','yourdomain.com')) 或
Cookie :: queue(Cookie :: forget('laravel_session','/','yourdomain.com')) Laravel将发送具有域的Cookie标头,因此浏览器将创建具有域 .yourdomain.com 的Cookie-这就是为什么什么都不会被删除的原因.
I set my SESSION_DOMAIN ="example.com" in my .env
now I can't login my account with correct email and password.
anybody who encounter this problem?.
For all experiencing this error.
When you change the SESSION_DOMAIN env variable, Laravel will issue new cookies but old ones are still in the browsers memory. When the request comes from browser to Laravel app the old cookie has priority and there for you are not able to login.
The solution to this is delete old cookies from the browser (those registered without any domain so to actual host of app).
This error typically bites those who wants to add multi subdomain persistent login. And what is even worse, when you have your application in production already, all your clients will suffer from this issue as well. Nobody will able to login (not only that, but mainly) to your application until they completely clear out their cookies.
I solved this by adding middleware, which does it for me:
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Cookie;
class ForgotOldSessionCookies
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
*
* @return mixed
*/
public function handle($request, Closure $next)
{
Cookie::queue(new \Symfony\Component\HttpFoundation\Cookie('laravel_session', null, now()->subYear(1)->timestamp, '/'));
Cookie::queue(new \Symfony\Component\HttpFoundation\Cookie('XSRF-TOKEN', null, now()->subYear(1)->timestamp, '/'));
return $next($request);
}
}
Be aware, when you use only this:
Cookie::queue(Cookie::make('laravel_session', null, -6000, '/', 'yourdomain.com'))
or
Cookie::queue(Cookie::forget('laravel_session', '/', 'yourdomain.com'))
Laravel will send Cookie header with domain so browser will create the cookie with domain .yourdomain.com - that's why nothing will be deleted.
这篇关于由于SESSION_DOMAIN,laravel无法登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
