分享Laravel认证/会话使用PHP [英] Share Laravel authentication/session with PHP
问题描述
我试图使用Laravels认证与一些简单的HTML / JavaScript应用程序。
I'm trying to use Laravels authentication with a number of simple HTML/Javascript applications.
的方式,我认为它会工作的理想是这样的:
The way I think it would ideally work is this:
- 的用户访问该简单的HTML应用程序
- 简单的HTML应用程序包括检查,如果一个PHP文件
用户进行身份验证。如果不是这种情况下,用户被发送到
在Laravel应用程序登录,如果用户登录,他可以简单地使用应用程序。 - 用户通过Laravel登录并重定向回HTML应用程序这一进程将会重新开始。
我的问题是检查在PHP脚本中的用户是否登录。 Laravels会话不可用有(通过在session_start共享它()和 $ _ SESSION [AUTH] =真只会增加的变量Laravels本地PHP会话的版本)。
The problem I have is checking whether a user is logged in the PHP script. Laravels session is not available there (and sharing it through session_start() and $_SESSION["auth"] = true will only add the variable to Laravels version of the native PHP session).
这些都是在应用程序/配置/ session.php文件
return array(
'driver' => 'native',
'lifetime' => 120,
'files' => storage_path().'/sessions',
'connection' => null,
'table' => 'sessions',
'lottery' => array(2, 100),
'cookie' => 'laravel_session',
'path' => null,
'domain' => null,
);
因为我想对整个域使用会话我已经改变了路径空。
我的包含PHP脚本是非常简单的,看起来像这样:
My included PHP script is very simple and looks like this:
session_start();
if($_SESSION['authenticated']){
echo "logged_in";
} else {
header("Location: laravel/login/url");
}
您可能想知道为什么我不只是包括Laravels框架的应用,这是因为大约有100个不同的版本,分散在10个域名这个简单的HTML应用程序的,此刻每个域名都有它自己的(很老和不安全的)登录脚本(这是每复制一个新的领域被制成时间)。为此我想一个数据库,并使用Laravel一个管理系统,集中这一点。
You might wonder why I don't just include the application in Laravels framework, it's because there are about 100 different versions of this simple HTML application scattered over 10 domain names, at the moment every domain name has it's own (very old and insecure) login script (which is copied every time a new domain gets made). Therefor I want to centralize this with one database and one management system using Laravel.
希望这里有人知道如何解决它周围的(也许我应该尝试在我的PHP脚本中使用Laravels会话包?)。
Hopefully someone here knows how to fix this problem or work around it (maybe I should try to use Laravels session package in my PHP script?).
推荐答案
Laravel使用存储驱动程序为它的会话管理 - 这意味着试图访问它通过PHP $ _SESSION变量内容不会有任何效果。你的配置是设置默认的会话驱动程序的本地,这(我认为)的文件会话驱动程序,这意味着所有的会话数据都存储在app /存储/会话(我相信它存储在一些JSON状结构的会话数据)。你可以阅读更多关于会话的驱动这里。
Laravel uses storage drivers for it's session management - meaning trying to access it's contents through the PHP $_SESSION variable will never work. Your config is setting the default session driver to "native" which (I think) the file session driver, meaning all session data is stored in app/storage/sessions (I believe that it stores the session data in some JSON like structure). You can read more about the session drivers here.
因此,要回答你的问题,有一对夫妇的浮现在脑海中解决这个办法。我可能会做的只是实现一个简单的自定义会话界面,将简单地检查是否有用户登录,您可以设置用户的会话记录,当你通过laravel表单验证用户。例如:
So to answer your question, there are a couple of ways that come to mind to solve this. What I would probably do is implement a simple custom session interface that will simply check if a user is logged in. You can set the user's session to logged in when you authenticate the user through your laravel form. For example:
if (Auth::attempt(array('email' => $email, 'password' => $password))) {
// Set your user's session to logged in here. You will have to implement some
// system to do so, the below code is INSECURE/NOT USEABLE
$_SESSION['user'] = $email;
}
然后你会在用户注销时做相反。如前所述,简单地设置为登录用户的会话是原因,最明显的存在会话劫持众多非常不安全的。 (这是关于这个问题的一个很好的读取)如果你可以实现一个安全的会话管理系统(真的,它不应该是困难的,将是轻量),那么我认为这个策略是你最好的选择。
And then you would do the reverse when the user logs out. As mentioned above, simply setting the user's session to logged in is very insecure for a multitude of reasons, the most glaring being session hijacking. (This is an excellent read on the subject) If you can implement a secure session management system (and really, it should not be difficult and will be lightweight) then I think that this strategy is your best bet.
另一种方法是尝试使用Cookie的会话驱动程序,但这样做会增加复杂性和垃圾的多个层,你必须首先从一个cookie中得到Laravel会话ID,并使用该阅读另...不一个优雅的解决方案。
The alternative is to try to use cookies as the session driver but doing so will add more layers of complexity and garbage as you will first have to get the Laravel session id from one cookie and use that to read another ... not an elegant solution.
因此,我建议使用我谈了第一个方法和实施一个简单而安全的会话管理系统。希望这有助于!
So I would recommend using the first method I talked about and implementing a simple and secure session management system. Hope this helped!
这篇关于分享Laravel认证/会话使用PHP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
