For Get and Post request a new session is being generated which throws TokenMismatchException in Laravel 5.1
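I am working on a simple login application that serves a login form on a "GET" request. On the GET request, a session file is created in the "storage/framework/session/" folder. It contains the csrf-token on the form, which is equivalent to the session token.
However, when I submit the form with a POST request, another session file has already been created, containing a different csrf-token value. So it seems that when the two tokens, "form-csrf-token" and "session-csrf-token", are compared, they do not match. Ultimately it throws TokenMismatchException.
I would like to know how to resolve this issue.
I do not want to use the CSRF verification exclusion, because not using CSRF verification would become a big security issue for me.
I am using the Form façade in a Blade template to generate the form.
Here is the code of route.php: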
Route::get('/', function () {
    if (Auth::check()) {
        return redirect('home');
    }
    return view('pages.index');
});

Route::post('auth/login', 'Auth\AuthController@postLogin');
Route::post('auth/register', 'Auth\AuthController@postRegister');
Route::get('home', 'PageController@home')->middleware(['auth']);
Route::get('about', 'PageController@about');

// Authentication Routes...
Route::get('auth/login', 'Auth\AuthController@getLogin');
Route::get('auth/logout', 'Auth\AuthController@getLogout');

// Registration Routes...
Route::get('auth/register', 'Auth\AuthController@getRegister');
Auth\AuthController.php
class AuthController extends Controller
{
    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    protected $redirectTo = '/home';

    /**
     * Create a new authentication controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest', ['except' => 'getLogout']);
    }

    /**
     * Get a validator for an incoming registration request.
     *
     * @param array $data
     * @return \Illuminate\Contracts\Validation\Validator
     */
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'FirstName' => 'required|max:255',
            'Gender' => 'required|in:Male,Female,Trans',
            'DateOfBirth' => 'required|date|before:today',
            'email' => 'required|email|max:255|unique:users,email',
            'password' => 'required|min:6',
            'confirmed' => 'required|same:password'
        ]);
    }

    /**
     * Create a new user instance after a valid registration.
     *
     * @param array $data
     * @return User
     */
    protected function create(array $data)
    {
        return User::create([
            'FirstName' => $data['FirstName'],
            'Surname' => $data['surname'],
            'DateOfBirth' => $data['DateOfBirth'],
            'email' => $data['email'],
            'password' => bcrypt($data['password']),
            'Gender' => $data['Gender']
        ]);
    }
}
loginsignup.blade.php
<div class="w3-container">
    <div class="w3-row w3-padding-top w3-right">
        <div class="col left">
            <h3>Create an account</h3>
            <h5>It's free and always will be.</h5>
            {!! Form::open(array('url'=>'auth/register','method'=>'POST','id'=>'formRegister')) !!}
                <div class="w3-group">
                    <input type="text" class="w3-input register" id="FirstName" name="FirstName" required>
                    <label class="w3-label w3-text-theme">First Name</label>
                </div>
                <div class="w3-group">
                    <input type="text" class="w3-input register" id="surname" name="surname" required>
                    <label class="w3-label w3-text-theme">Surname</label>
                </div>
                <div class="w3-group">
                    <input type="date" class="w3-input register" id="DateOfBirth" name="DateOfBirth" required>
                    <label class="w3-label w3-text-theme">Date of Birth</label>
                </div>
                <div class="w3-group">
                    <input type="text" class="w3-input register" id="email" name="email" required>
                    <label class="w3-label w3-text-theme">Email</label>
                </div>
                <div class="w3-group">
                    <input type="password" class="w3-input register" id="password" name="password" required>
                    <label class="w3-label w3-text-theme">New password</label>
                </div>
                <div class="w3-group">
                    <input type="password" class="w3-input register" id="confirmed" name="confirmed" required>
                    <label class="w3-label w3-text-theme">Re-enter password</label>
                </div>
                <label class="w3-checkbox w3-text-theme">
                    <input type="radio" name="Gender" value="Male" checked>
                    <span class="w3-checkmark"></span> Male
                </label>
                <label class="w3-checkbox w3-text-theme">
                    <input type="radio" name="Gender" value="Female">
                    <span class="w3-checkmark"></span> Female
                </label>
                <label class="w3-checkbox w3-text-theme">
                    <input type="radio" name="Gender" value="Trans">
                    <span class="w3-checkmark"></span> Trans
                </label>
                <br><br>
                <button class="w3-btn w3-theme"> Create an account </button>
            {!! Form::close() !!}
        </div>
        <div class="col right">
            <button class="btn facebook" data-provider="facebook"><i></i><span>Facebook</span></button>
            <button class="btn twitter" data-provider="twitter"><i></i><span>Twitter</span></button>
            <button class="btn plus" data-provider="google plus"><span class="i"><i></i></span><span>Google Plus</span></button>
            <h3>Sign In</h3>
            {!! Form::open(array('url'=>'auth/login','method'=>'POST','id'=>'formLogin')) !!}
                <div class="w3-group">
                    <input type="email" class="w3-input" id="email" name="email" required>
                    <label class="w3-label w3-text-theme">Email or phone</label>
                </div>
                <div class="w3-group">
                    <input type="password" class="w3-input" id="password" name="password" required>
                    <label class="w3-label w3-text-theme">Password</label>
                </div>
                <label class="w3-checkbox">
                    <input type="checkbox" id="remember" name="remember">
                    <div class="w3-checkmark"></div> Stay Logged In
                </label>
                <div class="w3-group"><a href="password/email"> Forgot Your Password ?</a></div>
                <button id="signInSubmit" type="submit" class="w3-btn w3-theme">Submit</button>
            {!! Form::close() !!}
        </div>
    </div>
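Steps I followed to analyze the problem
I found the answer myself. It is actually not a problem. It happens when a session has already been generated for the system after logging in.
You need to log out of the application.
That's it.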
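A simplified model of the comparison described in the question, added here as an illustration (not code from the original post and not Laravel's implementation): the token rendered into the form is checked against the token held by the session that the request's cookie selects. `SessionStore`, `renderForm` and `verifyPost` are hypothetical names, and the store is an in-memory array standing in for the files under "storage/framework/session/".

```php
<?php
// Added illustration; SessionStore, renderForm and verifyPost are hypothetical, not Laravel APIs.

final class SessionStore
{
    private array $sessions = [];   // session id => ['_token' => ...]
    // Load the session named by the cookie, or start a new one if the cookie
    // is missing or unknown (the "new session file per request" symptom).
    public function start(?string $cookieId): string
    {
        if ($cookieId !== null && isset($this->sessions[$cookieId])) {
            return $cookieId;
        }
        $id = bin2hex(random_bytes(20));
        $this->sessions[$id] = ['_token' => bin2hex(random_bytes(20))];
        return $id;
    }

    public function token(string $id): string
    {
        return $this->sessions[$id]['_token'];
    }
}

// GET: returns the session cookie value and the token embedded in the form.
function renderForm(SessionStore $store, ?string $cookieId): array
{
    $id = $store->start($cookieId);
    return ['cookie' => $id, 'form_token' => $store->token($id)];
}

// POST: compare the submitted token with the one in the session the cookie selects.
function verifyPost(SessionStore $store, ?string $cookieId, string $formToken): string
{
    $id = $store->start($cookieId);
    if (hash_equals($store->token($id), $formToken)) {
        return 'ok';
    }
    return $id === $cookieId ? 'mismatch: token altered' : 'mismatch: session changed';
}

$store = new SessionStore();
$page  = renderForm($store, null);
// Cookie returned with the POST: same session, so the tokens match.
echo verifyPost($store, $page['cookie'], $page['form_token']), PHP_EOL;
// Cookie not returned (constructed failure case): a fresh session holds a different token.
echo verifyPost($store, null, $page['form_token']), PHP_EOL;
// Cookie returned but the form token was changed (constructed value).
echo verifyPost($store, $page['cookie'], 'constructed-bad-token'), PHP_EOL;
```

Telling "session changed" apart from "token altered" shows whether to look at how the session cookie is set and returned or at the form itself, without disabling CSRF verification.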