Laravel + Angular Project的Auth和CSRF令牌在生产中不起作用

本文介绍了Laravel + Angular Project的Auth和CSRF令牌在生产中不起作用的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

csrf_token和X-XSRF-TOKEN已通过Angular添加

csrf_token and X-XSRF-TOKEN have been added via Angular

$http.defaults.headersmon['csrf_token'] = CSRF_TOKEN; $http.defaults.headersmon['X-XSRF-TOKEN'] = X_XSRF_TOKEN;

该项目在本地服务器上运行正常，但在生产环境中无法正常运行.提交表单后，我看到TokenMismatchException，并且Auth :: attempt()在登录期间运行良好.但是登录后，当我通过Auth :: user()-> id访问其他路由的用户ID时，我看不到任何登录用户.

The project is working fine on local server but not in production. I see TokenMismatchException after submitting a form and Auth::attempt() works fine during login. But after login when I access user's id by Auth::user()->id for other route then I see no login user.

我还检查了本地服务器中的cookie.我在那里可以看到XSRF-TOKEN和laravel-session，但是在生产中，我的Cookie列表为空.

I also checked my cookies in local server. I can see XSRF-TOKEN and laravel-session there but in production my cookie list is empty.

更新:发现该会话在我服务器上的项目中不起作用.

Update: Found out that session is not working in my project on server.

推荐答案

解决方案

会话无法正常工作的问题是，在项目的配置文件(在我的情况下为/config/google-geocoder.php)中，PHP在打开标签(<?php)之前出现空白行.这就是Laravel无法在Cookie列表中创建任何会话(使用laravel的默认XSRF令牌和laravel-session)的原因.请参阅链接中的@codesidekick的答案，该答案对解决此问题有很大帮助. CSRF-表单令牌与会话令牌不匹配

Solution

The problem why the Session was not working is that a blank line was present before PHP opening tag(<?php) in a Config file(in my case /config/google-geocoder.php) of my project. That's why Laravel was unable to create any sessions(with laravel's default XSRF-token and laravel-session also) in the cookie list. See @codesidekick's answer from the link which helped me a lot to fix this issue. CSRF - Form Token Doesn't Match Session Token

我无法确切说明原因，但是我的本地服务器的PHP版本为5.5.9-1ubuntu4.19，生产服务器的版本为5.5.30.我认为由于配置上的某些差异，我在生产中遇到了问题.

I can't tell exactly why but my Local Server has PHP version 5.5.9-1ubuntu4.19 and Production Server has 5.5.30. I think due to some difference in configuration, I faced the problem in production.

在调查过程中，我发现可能会产生此问题的几个问题.我还将我的一个也包括在下面的列表中.

During my investigation I found out that there are several issues that may generate this problem. I have also included my one in the list below.

• 如果您在浏览器中的源代码<!DOCTYPE html>之前看到任何空白行，则页面的相关文件在打开PHP标记之前将具有空白行.在这种情况下，请检查您为该页面创建的实际PHP文件，如果没有，请查看Laravel的默认加载文件(index.php，routes.php，配置文件等)，并确保PHP之前没有空格.您错误添加的开始标签.
• 会话中的数据存储之后是否有任何回声.
• 结束标记后是否有空格. 请参见此处

• 如果仅存在令牌不匹配，则将全局<meta name="_token" content="{!! csrf_token() !!}"/>令牌添加到标头中，或将本地<input type="hidden" name="_token" value="{ csrf_token() }">形式添加到本地.对于ajax调用

• If you see any blank line before <!DOCTYPE html> of your source code from browser then the related files of your page has blank line before opening PHP tag. In this case check for realted PHP files created by you for the page and if there is none then look into default loaded files (index.php, routes.php, config files etc) of Laravel and make sure there is no blank space before PHP opening tag you added mistakenly.
• If there is any echo right after data store in session.
• If you have any whitespace after your closing tags. See here

• If you are only having token mismatch then add token globally <meta name="_token" content="{!! csrf_token() !!}"/> into your header or locally in your form <input type="hidden" name="_token" value="{ csrf_token() }">. For ajax call

$.ajaxSetup( { headers: { 'X-CSRF-Token': $('input[name="_token"]').val() } });

检查/store/framework/Session是否具有存储会话的权限，因为默认情况下，Laravel具有文件类型的会话.您可以尝试数据库会话，我发现有些人可以使用它.您也可以尝试从storage/framework/sessions和storage/framework/views 请参阅@gbrock的答案

Check whether /store/framework/Session has permission to store session because by default Laravel has File typed session. You may try Database session and I saw for some people it worked. You may try also to delete file cache from storage/framework/sessions and storage/framework/viewsSee @gbrock's answer

有人说要清除缓存并重新启动服务器.

Some people said to clear cache and restart the server.