Laravel 5 Auth Post Submit - TokenMismatchException in VerifyCsrfToken.php line 46

2021-12-18 00:00:00 forms php laravel-5

Have just started a new app in Laravel 5 and I am having some trouble using the out of the box auth...

I keep getting: TokenMismatchException in VerifyCsrfToken.php line 46: on submitting the login or signup forms...

I can see on the login form page the token codes that are in the hidden form field and Session at that point are the same...

As a test I have also tried, as some other posts suggested, commenting out //'App\Http\Middleware\VerifyCsrfToken', in app/Http/Kernel.php to see what would happen. After doing this, every time I submit a form I get a message which says redirecting to: /auth/login or /auth/register depending on where I came from, with no success.

The weird thing was this was working when I first installed the framework. All I have done since then is run a few migrations and set up some of my models and controllers and seeded the db with some user data.

Update:

If I:

var_dump($request->session()->token());

var_dump($request->input('_token'));

I can see the two tokens are different but at the form using:

var_dump(Session::all());

{{{ csrf_token() }}}

They are the same. The Session token has changed somehow before it gets to the function tokensMatch() on line 55 of VerifyCsrfToken.php

My stack trace is as follows:

in VerifyCsrfToken.php line 46
at VerifyCsrfToken->handle(object(Request), object(Closure)) in VerifyCsrfToken.php line 17
at VerifyCsrfToken->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in ShareErrorsFromSession.php line 55
at ShareErrorsFromSession->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in StartSession.php line 61
at StartSession->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 36
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in EncryptCookies.php line 40
at EncryptCookies->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in CheckForMaintenanceMode.php line 42
at CheckForMaintenanceMode->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 101
at Pipeline->then(object(Closure)) in Kernel.php line 111
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 84
at Kernel->handle(object(Request)) in index.php line 53

Recommended answer

I first just got it working removing the line:

'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken'

from /app/Http/Requests/Kernel.php. However, this means the CSRF token check will be removed, which implies that your website will not be protected from cross-site request forgeries.

Update: According to the documentation, you should add the CSRF token to your form by adding this snippet to your code:

<input type="hidden" name="_token" value="{{ csrf_token() }}">

I used the first way in backend services for a mobile application, but I find I can send the CSRF header within requests.
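
The check that fails in the question, modelled as an added example (not Laravel's own code and not part of the original posts): the token held in the session is compared with the `_token` form field or, as the answer mentions, a CSRF request header. The function names and sample data are hypothetical; `X-CSRF-TOKEN` is the header name Laravel reads, and plain arrays stand in for the session, POST body and headers.

```php
<?php
// Added illustration; a simplified model, not Laravel's VerifyCsrfToken source.

// Return the token the client sent: the _token form field first,
// then the X-CSRF-TOKEN header (useful for AJAX or mobile clients).
function submitted_token(array $post, array $headers): ?string
{
    $token = $post['_token'] ?? $headers['X-CSRF-TOKEN'] ?? null;
    return is_string($token) && $token !== '' ? $token : null;
}

// Compare the session's token with the submitted one.
function tokens_match(array $session, array $post, array $headers): bool
{
    $expected = $session['_token'] ?? null;
    $given = submitted_token($post, $headers);
    if (!is_string($expected) || $given === null) {
        return false; // a missing token on either side is a mismatch
    }
    // Constant-time comparison avoids leaking the token through timing.
    return hash_equals($expected, $given);
}

// Constructed sample data: the session as it was when the form was rendered.
$sessionAtRender = ['_token' => bin2hex(random_bytes(20))];
$form = ['_token' => $sessionAtRender['_token'], 'email' => 'user@example.test'];

// Case 1: the same session is loaded again on submit.
var_dump(tokens_match($sessionAtRender, $form, []));

// Case 2: no form field; the client sends the token in the header instead.
$headers = ['X-CSRF-TOKEN' => $sessionAtRender['_token']];
var_dump(tokens_match($sessionAtRender, [], $headers));

// Case 3: the situation in the question. The session seen on submit holds a
// different token than the one rendered into the form, so the check fails
// even though form and session agreed when the page was displayed.
$sessionAtSubmit = ['_token' => bin2hex(random_bytes(20))];
var_dump(tokens_match($sessionAtSubmit, $form, []));
```

Case 3 is why removing the middleware hides the symptom without fixing it: the session is still not surviving between the GET and the POST, which also matches the redirect back to /auth/login reported in the question.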
