如何解决laravel7页面过期问题(419)

watbbzwu  于 2021-06-09  发布在  Redis
关注(0)|答案(1)|浏览(565)

在遵循了几个星期关于如何解决这个问题的不同方法之后,我仍然不时地看到页面过期。我目前正在使用redis保存会话,我在服务器(linux)上安装了redis,在我的laravel应用程序中也安装了redis,即website.com(production)和staging.website.com(staging)。我还授予对以下文件夹的访问权限
chmod-r 755存储
chmod-r 644引导/缓存
还清除了缓存。我的头和所有表格都有csrf

  1. <meta name="csrf-token" content="{{ csrf_token() }}">

我将ajax csrf\u令牌设置为:

  1. $.ajaxSetup({
  2. headers: {
  3. 'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
  4. }
  5. });

会话驱动程序:

  1. SESSION_DRIVER=redis

这是我的config/session.php文件

  1. <?php
  2. use Illuminate\Support\Str;
  3. return [
  4. /*
  5. |--------------------------------------------------------------------------
  6. | Default Session Driver
  7. |--------------------------------------------------------------------------
  8. |
  9. | This option controls the default session "driver" that will be used on
  10. | requests. By default, we will use the lightweight native driver but
  11. | you may specify any of the other wonderful drivers provided here.
  12. |
  13. | Supported: "file", "cookie", "database", "apc",
  14. | "memcached", "redis", "dynamodb", "array"
  15. |
  16. */
  17. 'driver' => env('SESSION_DRIVER', 'redis'),
  18. /*
  19. |--------------------------------------------------------------------------
  20. | Session Lifetime
  21. |--------------------------------------------------------------------------
  22. |
  23. | Here you may specify the number of minutes that you wish the session
  24. | to be allowed to remain idle before it expires. If you want them
  25. | to immediately expire on the browser closing, set that option.
  26. |
  27. */
  28. 'lifetime' => env('SESSION_LIFETIME', 120),
  29. 'expire_on_close' => false,
  30. /*
  31. |--------------------------------------------------------------------------
  32. | Session Encryption
  33. |--------------------------------------------------------------------------
  34. |
  35. | This option allows you to easily specify that all of your session data
  36. | should be encrypted before it is stored. All encryption will be run
  37. | automatically by Laravel and you can use the Session like normal.
  38. |
  39. */
  40. 'encrypt' => false,
  41. /*
  42. |--------------------------------------------------------------------------
  43. | Session File Location
  44. |--------------------------------------------------------------------------
  45. |
  46. | When using the native session driver, we need a location where session
  47. | files may be stored. A default has been set for you but a different
  48. | location may be specified. This is only needed for file sessions.
  49. |
  50. */
  51. 'files' => storage_path('framework/sessions'),
  52. /*
  53. |--------------------------------------------------------------------------
  54. | Session Database Connection
  55. |--------------------------------------------------------------------------
  56. |
  57. | When using the "database" or "redis" session drivers, you may specify a
  58. | connection that should be used to manage these sessions. This should
  59. | correspond to a connection in your database configuration options.
  60. |
  61. */
  62. 'connection' => 'default',
  63. /*
  64. |--------------------------------------------------------------------------
  65. | Session Database Table
  66. |--------------------------------------------------------------------------
  67. |
  68. | When using the "database" session driver, you may specify the table we
  69. | should use to manage the sessions. Of course, a sensible default is
  70. | provided for you; however, you are free to change this as needed.
  71. |
  72. */
  73. 'table' => 'sessions',
  74. /*
  75. |--------------------------------------------------------------------------
  76. | Session Cache Store
  77. |--------------------------------------------------------------------------
  78. |
  79. | When using the "apc", "memcached", or "dynamodb" session drivers you may
  80. | list a cache store that should be used for these sessions. This value
  81. | must match with one of the application's configured cache "stores".
  82. |
  83. */
  84. 'store' => env('SESSION_STORE', null),
  85. /*
  86. |--------------------------------------------------------------------------
  87. | Session Sweeping Lottery
  88. |--------------------------------------------------------------------------
  89. |
  90. | Some session drivers must manually sweep their storage location to get
  91. | rid of old sessions from storage. Here are the chances that it will
  92. | happen on a given request. By default, the odds are 2 out of 100.
  93. |
  94. */
  95. 'lottery' => [2, 100],
  96. /*
  97. |--------------------------------------------------------------------------
  98. | Session Cookie Name
  99. |--------------------------------------------------------------------------
  100. |
  101. | Here you may change the name of the cookie used to identify a session
  102. | instance by ID. The name specified here will get used every time a
  103. | new session cookie is created by the framework for every driver.
  104. |
  105. */
  106. 'cookie' => env(
  107. 'SESSION_COOKIE',
  108. Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
  109. ),
  110. /*
  111. |--------------------------------------------------------------------------
  112. | Session Cookie Path
  113. |--------------------------------------------------------------------------
  114. |
  115. | The session cookie path determines the path for which the cookie will
  116. | be regarded as available. Typically, this will be the root path of
  117. | your application but you are free to change this when necessary.
  118. |
  119. */
  120. 'path' => '/',
  121. /*
  122. |--------------------------------------------------------------------------
  123. | Session Cookie Domain
  124. |--------------------------------------------------------------------------
  125. |
  126. | Here you may change the domain of the cookie used to identify a session
  127. | in your application. This will determine which domains the cookie is
  128. | available to in your application. A sensible default has been set.
  129. |
  130. */
  131. 'domain' => env('SESSION_DOMAIN', null),
  132. /*
  133. |--------------------------------------------------------------------------
  134. | HTTPS Only Cookies
  135. |--------------------------------------------------------------------------
  136. |
  137. | By setting this option to true, session cookies will only be sent back
  138. | to the server if the browser has a HTTPS connection. This will keep
  139. | the cookie from being sent to you if it can not be done securely.
  140. |
  141. */
  142. 'secure' => env('SESSION_SECURE_COOKIE', null),
  143. /*
  144. |--------------------------------------------------------------------------
  145. | HTTP Access Only
  146. |--------------------------------------------------------------------------
  147. |
  148. | Setting this value to true will prevent JavaScript from accessing the
  149. | value of the cookie and the cookie will only be accessible through
  150. | the HTTP protocol. You are free to modify this option if needed.
  151. |
  152. */
  153. 'http_only' => true,
  154. /*
  155. |--------------------------------------------------------------------------
  156. | Same-Site Cookies
  157. |--------------------------------------------------------------------------
  158. |
  159. | This option determines how your cookies behave when cross-site requests
  160. | take place, and can be used to mitigate CSRF attacks. By default, we
  161. | do not enable this as other CSRF protection services are in place.
  162. |
  163. | Supported: "lax", "strict"
  164. |
  165. */
  166. 'same_site' => null,
  167. ];

这是我的redis配置/数据库文件

  1. /*
  2. |--------------------------------------------------------------------------
  3. | Redis Databases
  4. |--------------------------------------------------------------------------
  5. |
  6. | Redis is an open source, fast, and advanced key-value store that also
  7. | provides a richer body of commands than a typical key-value system
  8. | such as APC or Memcached. Laravel makes it easy to dig right in.
  9. |
  10. */
  11. 'redis' => [
  12. 'client' => env('REDIS_CLIENT', 'predis'),
  13. 'options' => [
  14. 'cluster' => env('REDIS_CLUSTER', 'predis'),
  15. 'prefix' => '',
  16. ],
  17. 'default' => [
  18. 'host' => env('REDIS_HOST', '127.0.0.1'),
  19. 'password' => env('REDIS_PASSWORD', null),
  20. 'port' => env('REDIS_PORT', 6379),
  21. 'database' => env('REDIS_DB', 0),
  22. 'async' => true,
  23. 'persistent' => true,
  24. ],
  25. 'cache' => [
  26. 'host' => env('REDIS_HOST', '127.0.0.1'),
  27. 'password' => env('REDIS_PASSWORD', null),
  28. 'port' => env('REDIS_PORT', 6379),
  29. 'database' => env('REDIS_CACHE_DB', 1),
  30. ],
  31. ],

会话域当前正在使用webiste.com作为域及其子域:staging.website.com。

  1. SESSION_DOMAIN = '.website.com';

大多数时候,用户反复请求ajax调用。有什么办法可以解决这个问题吗?谢谢!

3vpjnl9f

3vpjnl9f1#

这个 csrf 字段名称应为 _token :

  1. '_token': $('meta[name="csrf-token"]').attr('content')

把它放在请求体中,而不是头中,如下所示:

  1. $.post(
  2. '/url',
  3. {
  4. '_token': $('meta[name="csrf-token"]').attr('content'),
  5. ...
  6. }
  7. ).done(function(data ){...});

相关问题