防止Laravel会话重叠在子域中
在我的域上同一laravel应用的副本,每个
app1.mydomain.com
app2.mydomain.com
我有两个 独立 在其各自的.env文件中。我确实希望两者完全独立(因此,所有有理env变量均设置为适当唯一的唯一,例如:app_key s,app_name s,app_url < app_url < /代码> S等)。虽然指定了两个不同的数据库(尽管当然是同一主机上的),但我在两个数据库上都放了一个相同的“用户”。
问题是,有时在他们一起使用时(有点同时),当我已经通过“用户”凭据登录其中一个时,出现了419错误,并尝试记录通过独特但相同的“用户”凭据进入另一个!好像app2认为用户已经登录了;虽然用户已经登录到另一个据称独立的子域。我已经尝试过session_cookie和session_domain环境变量无用。
通过将session_domain s设置为app1.mydomain.com和app2.mydomain.com ;您可以成功登录其中之一;但是尝试登录另一个显示419的错误页面!此外,浏览器中的会话的域条目设置为前面的点,例如:.app1.mydomain.com(当您省略Session_domain S时,值确实没有领先的点出现。)
我注意到app1_session的会话也出现在app2.mydomain.com的浏览器cookie中(有时是会话laravel_session也出现了! noreferrer“> laravel 是默认的字符串,每当app_name的环境变量不读取的环境变量时,系统都不会读取
!它?!
I have two independent copies of a same Laravel app on my domain, each one behaves as expected when used exclusively:
app1.mydomain.com
app2.mydomain.com
They do have different APP_NAME values in their respective .env files. I do want the two to be completely independent (thus all of the rational env variables are set appropriately unique, e.g: the APP_KEYs, APP_NAMEs, APP_URLs, etc). While two distinct databases are designated (though on a same host, of course), I've put an identical "user" on both of the databases.
The thing is, sometimes when they're being utilized together (kinda concurrently), a 419 error shows up when I'm already logged into one of them through the "user" credentials, and try to log into the other one through a distinct but identical "user" credentials! Seems like the app2 thinks the user is already logged in; while the user is already logged into the other supposedly independent subdomain. I've tried SESSION_COOKIE and SESSION_DOMAIN environment variables to no avail.
By setting the SESSION_DOMAINs to app1.mydomain.com and app2.mydomain.com respectively; you may log into one of them successfully; but trying to log into the other one displays the error page of 419! Also, the domain entries for the session in the browser are set with a preceding dot, e.g: .app1.mydomain.com (while when you omit the SESSION_DOMAINs, the values do appear without the leading dot.)
I've noticed a session of app1_session does also show up in the browser cookies for app2.mydomain.com (and sometimes a session of laravel_session do also show up! the laravel is a default string substituted whenever the environment variable of APP_NAME is not read by the system!)
So, what's wrong and how can I fix it?!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
假设您正在设置每个
.env文件指向每个单独的子域。您可能之后的功能是将same_site值设置为strict。这将确保仅接受来自定义域的cookie。
PS良好的措施,A
PHP Artisan配置:Clear更改后。Assuming you are setting up each
.envfile pointing to each separate sub domain. The functionality you may be after is setting thesame_sitevalue tostrict.This will ensure only cookies that are from the defined domain are accepted.
P.S. for good measure, a
php artisan config:clearonce you change it.我认为在您的任何子域中都不是问题。我认为您在同一浏览器实例上检查两个站点的地方,为什么此问题正在尝试在普通浏览器模式下使用该网站。在私有模式(或)隐身模式下打开另一个...它可能对您的情况有效。...
如果它不适用于您实现Laravel会话表我希望它对你有用
I think its not a Problem on Any of your subdomains Probably . I think You where checking out Both the site on same browser instance that why this issue is occuring try to use one on normal browser mode & open another on Private mode (or) Incognito mode ... it would probably works on your case ....
If it does not works for you Implement A Laravel Session Table So you can Track Session IDs of logged in user having a current session i hope it works for you
我发生的同一问题,通过为
session_cookie =设置不同的值来修复每个项目.envSame issue happening to me, fixed by setting different values for
SESSION_COOKIE=inside each project .env