我使用的是简单的登录应用程序,其中有一种登录"GET"请求的形式。根据获取请求,会在"storage/framework/session/"文件夹中创建一个会话文件。这包括相当于会话令牌的表单上的csrf-token,但当我再次提交带有post请求的表单时,已经创建了一个会话文件,该文件包含不同的csrf-token值。因此,当比较两个令牌时,它们似乎不匹配,即"form-csrf-token"answers"session-csrf-token"。最终它抛出TokenMismatchException。
我想知道我该怎么解决这个问题?
我不想使用CSRF verification排除,因为不使用CSRF Verification对我来说将成为一个很大的安全问题。
我正在使用Form façade blade template来生成Form。
以下是route.php的代码
Route::get('/', function(){
if(Auth::check()){
return redirect('home');
}
return view('pages.index');
});
Route::post('auth/login', 'Auth'AuthController@postLogin');
Route::post('auth/register', 'Auth'AuthController@postRegister');
Route::get('home', 'PageController@home')->middleware(['auth']);
Route::get('about','PageController@about');
// Authentication Routes...
Route::get('auth/login', 'Auth'AuthController@getLogin');
Route::get('auth/logout', 'Auth'AuthController@getLogout');
// Registration Routes...
Route::get('auth/register', 'Auth'AuthController@getRegister');
Auth''AuthController.php
class AuthController extends Controller
{
use AuthenticatesAndRegistersUsers, ThrottlesLogins;
protected $redirectTo = '/home';
/**
* Create a new authentication controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest', ['except' => 'getLogout']);
}
/**
* Get a validator for an incoming registration request.
*
* @param array $data
* @return 'Illuminate'Contracts'Validation'Validator
*/
protected function validator(array $data)
{
return Validator::make($data, [
'FirstName' => 'required|max:255',
'Gender' => 'required|in:Male,Female,Trans',
'DateOfBirth' => 'required|date|before:today',
'email' => 'required|email|max:255|unique:users,email',
'password' => 'required|min:6',
'confirmed' => 'required|same:password'
]);
}
/**
* Create a new user instance after a valid registration.
*
* @param array $data
* @return User
*/
protected function create(array $data)
{
return User::create([
'FirstName' => $data['FirstName'],
'Surname' => $data['surname'],
'DateOfBirth' => $data['DateOfBirth'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
'Gender' => $data['Gender']
]);
}
}
loginsignupblade.php
<div class="w3-container">
<div class="w3-row w3-padding-top w3-right">
<div class="col left">
<h3>Create an account</h3>
<h5>It's free and always will be.</h5>
{!! Form::open(array('url'=>'auth/register','method'=>'POST','id'=>'formRegister')) !!}
<div class="w3-group">
<input type="text" class="w3-input register" id="FirstName" name="FirstName" required>
<label class="w3-label w3-text-theme">First Name</label>
</div>
<div class="w3-group">
<input type="text" class="w3-input register" id="surname" name="surname" required>
<label class="w3-label w3-text-theme">Surname</label>
</div>
<div class="w3-group">
<input type="date" class="w3-input register" id="DateOfBirth" name="DateOfBirth" required>
<label class="w3-label w3-text-theme">Date of Birth</label>
</div>
<div class="w3-group">
<input type="text" class="w3-input register" id="email" name="email" required>
<label class="w3-label w3-text-theme">Email</label>
</div>
<div class="w3-group">
<input type="password" class="w3-input register" id="password" name="password" required>
<label class="w3-label w3-text-theme">New password</label>
</div>
<div class="w3-group">
<input type="password" class="w3-input register" id="confirmed" name="confirmed" required>
<label class="w3-label w3-text-theme">Re-enter password</label>
</div>
<label class="w3-checkbox w3-text-theme">
<input type="radio" name="Gender" value="Male" checked>
<span class="w3-checkmark"></span> Male
</label>
<label class="w3-checkbox w3-text-theme">
<input type="radio" name="Gender" value="Female">
<span class="w3-checkmark"></span> Female
</label>
<label class="w3-checkbox w3-text-theme">
<input type="radio" name="Gender" value="Trans">
<span class="w3-checkmark"></span> Trans
</label>
<br><br>
<button class="w3-btn w3-theme"> Create an account </button>
{!! Form::close() !!}
</div>
<div class="col right">
<button class="btn facebook" data-provider="facebook"><i></i><span>Facebook</span></button>
<button class="btn twitter" data-provider="twitter"><i></i><span>Twitter</span></button>
<button class="btn plus" data-provider="google plus"><span class="i"><i></i></span><span>Google Plus</span></button>
<h3>Sign In</h3>
{!! Form::open(array('url'=>'auth/login','method'=>'POST','id'=>'formLogin')) !!}
<div class="w3-group">
<input type="email" class="w3-input" id="email" name="email" required>
<label class="w3-label w3-text-theme">Email or phone</label>
</div>
<div class="w3-group">
<input type="password" class="w3-input" id="password" name="password" required>
<label class="w3-label w3-text-theme">Password</label>
</div>
<label class="w3-checkbox">
<input type="checkbox" id="remember" name="remember">
<div class="w3-checkmark"></div> Stay Logged In
</label>
<div class="w3-group"><a href="password/email"> Forgot Your Password ?</a></div>
<button id="signInSubmit" type="submit" class="w3-btn w3-theme">Submit</button>
{!! Form::close() !!}
</div>
</div>
我遵循并分析问题的步骤
这是我第一次打开http://localhost:8000
使用请求后发送表单后
我自己找到了答案。事实上这不是问题。当登录后为系统生成会话时,就会发生这种情况。
您需要从应用程序中注销。
就是这样。