問題描述

剛剛在 Laravel 5 中開發(fā)了一個新應(yīng)用程序，我在使用開箱即用的身份驗證時遇到了一些問題...

Have just statred a new app in Laravel 5 and I am having some trouble using the out of the box auth...

我不斷收到:VerifyCsrfToken.php 第 46 行中的 TokenMismatchException:在提交登錄或注冊表單時...

I keep getting : TokenMismatchException in VerifyCsrfToken.php line 46: on submitting the login or signup forms...

我可以在登錄表單頁面上看到隱藏表單字段中的令牌代碼和當(dāng)時的會話是相同的...

I can see on the login form page the token codes that are in the hidden form field and Session at that point are the same...

作為測試，我也嘗試過，因為其他一些帖子建議將其注釋掉//'AppHttpMiddlewareVerifyCsrfToken'，在 app/Http/kernal.php 中查看會發(fā)生什么.每次提交表單后，我都會收到一條消息，提示重定向到:/auth/login 或/auth/register，具體取決于我來自哪里，但沒有成功.

As a test I have also tried as some other posts suggested commenting out //'AppHttpMiddlewareVerifyCsrfToken', in app/Http/kernal.php to see what would happen. After doing this every time I submit a form I get a message which says redirecting to: /auth/login or /auth/register depending on where I came from with no success.

奇怪的是，當(dāng)我第一次安裝這個框架時，它就起作用了.從那時起，我所做的就是運行一些遷移并設(shè)置我的一些模型和控制器，并將一些用戶數(shù)據(jù)植入數(shù)據(jù)庫.

The weird thing was this was working when I first installed the framework. All I have done since then is run a few migrations and setup some of my models and controllers and seeded the db with some user data.

更新:

如果我:

var_dump($request->session()->token());

var_dump($request->input('_token'));

我可以看到兩個標(biāo)記不同，但在使用的表單中:

I can see the two tokens are different but at the form using:

var_dump(Session::all());

{{{ csrf_token() }}}

它們是一樣的.Session 令牌在到達(dá) VerifyCsrfToken.php 的第 55 行的函數(shù) tokensMatch() 之前發(fā)生了一些變化

They are the same. The Session token has changed some how before it gets to the function tokensMatch() on line 55 of VerifyCsrfToken.php

我的堆棧跟蹤如下:

in VerifyCsrfToken.php line 46
at VerifyCsrfToken->handle(object(Request), object(Closure)) in VerifyCsrfToken.php line 17
at VerifyCsrfToken->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->IlluminatePipeline{closure}(object(Request)) in ShareErrorsFromSession.php line 55
at ShareErrorsFromSession->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->IlluminatePipeline{closure}(object(Request)) in StartSession.php line 61
at StartSession->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->IlluminatePipeline{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 36
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->IlluminatePipeline{closure}(object(Request)) in EncryptCookies.php line 40
at EncryptCookies->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->IlluminatePipeline{closure}(object(Request)) in CheckForMaintenanceMode.php line 42
at CheckForMaintenanceMode->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->IlluminatePipeline{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 101
at Pipeline->then(object(Closure)) in Kernel.php line 111
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 84
at Kernel->handle(object(Request)) in index.php line 53

推薦答案

我剛開始工作時刪除了該行:

I first just got it working removing the line:

'IlluminateFoundationHttpMiddlewareVerifyCsrfToken'

'IlluminateFoundationHttpMiddlewareVerifyCsrfToken'

來自/app/Http/Resquests/Kernel.php.但是，這意味著 CSRF 令牌檢查 將被刪除，這意味著您的網(wǎng)站將不受保護(hù)跨站點請求偽造.

from /app/Http/Resquests/Kernel.php. However, this means the CSRF token check will be removed, which implies that your website will not be protected from cross-site request forgeries.

更新根據(jù)文檔，您應(yīng)該通過將此代碼段添加到您的代碼中來將CSRF令牌添加到您的表單中:

Update According to the documentation, you should add the CSRF token to your form by adding this snippet to your code:

<input type="hidden" name="_token" value="{{ csrf_token() }}">

我在移動應(yīng)用程序的后端服務(wù)中使用了第一種方式，但我發(fā)現(xiàn)我可以在請求中發(fā)送 CSRF 標(biāo)頭.

I used first way in backend services for mobile application but I find I can send send CSRF header within requests.

這篇關(guān)于Laravel 5 Auth Post Submit - VerifyCsrfToken.php 第 46 行中的 TokenMismatchException的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！