我正在使用Laravel构建RESTful API。我使用Basic HTTP Auth(Authenticate header),使用此过滤器:
Route::filter('auth', function()
{
$credentials = ['email' => Request::getUser(), 'password' => Request::getPassword()];
if (!Auth::once($credentials)) {
$response = ['error' => true, 'message' => 'Unauthorized request'];
$code = 401;
$headers = ['WWW-Authenticate' => 'Basic'];
return Response::json($response, $code, $headers);
}
});
它可以工作,但是Laravel然后尝试为用户设置一个cookie(发送Set-Cookie标题)。我尝试将session.driver配置密钥设置为array,但现在只看到它发送Set-Cookie: laravel_session=deleted内容。
如何完全禁用此Set-Cookie标头?
谢谢。
答案 0 :(得分:15)
对于无状态API,以下工作中没有cookie和干净标头:
Route::filter('auth.basic', function()
{
Config::set('session.driver', 'array');
return Auth::onceBasic();
});
请注意,上面使用的是Auth :: onceBasic(),由于某种原因仍然会发送“Set-Cookie”标头。根据文件,曾经的基督教是无国籍的;也许cookie是出于信息目的而发送的,是调试模式的副作用,或者它可能是一个bug。无论哪种方式,仍然需要Config :: set(...)。使用此过滤器快速卷曲路线将返回以下标题:
HTTP/1.1 200 OK
Date: Wed, 12 Feb 2014 02:34:26 GMT
Server: Apache/2.4.6 (Ubuntu)
X-Powered-By: PHP/5.5.3
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: application/json
Auth :: onceBasic()似乎是无状态REST API的好方法。每个客户端请求都经过身份验证,并且在此方法中不使用会话cookie。
NB。其他路由未被上述过滤器捕获,仍将设置cookie(并发送“Set-Cookie”标头)。所以这个解决方案适用于无状态API和API的常见情况。有状态的网络访问/管理员。
答案 1 :(得分:6)
要禁用Laravel 4控制器中所有路由的会话,请在类构造中设置会话驱动程序选项:
<?php
class ExampleController extends BaseController {
public function __construct()
{
Config::set('session.driver', 'array');
}
public function getExample()
{
return "This example response should have no session cookie.";
}
}
答案 2 :(得分:2)
handle()public function handle($request, Closure $next){
\Config::set('session.driver', 'array');
\Config::set('cookie.driver', 'array');
return $next($request);
}
,如下所示if (root.data == data){
return true;
}
答案 3 :(得分:1)
试试这个 - 脏,但对我有用。
示例是针对单个路由,可以修改以管理路由前缀等
首先,在app/config内为特定环境创建一个目录,假设为stateless
然后,将session.php文件放在app/config/stateless内,代码如下:
<?php
return array(
'driver' => 'array'
);
最后,修改detectEnvironment中的bootstrap/start.php部分:
$env = $app->detectEnvironment(function()
{
if ($_SERVER['REQUEST_URI'] == '/your/route') return 'stateless';
});
您可能需要查看here。
答案 4 :(得分:0)
从 app.php 中的'Illuminate\Cookie\CookieServiceProvider',数组中删除providers。应该这样做:)
答案 5 :(得分:0)
我正在使用laravel开发API,所以我绝对不想使用cookie。 但是,我确实希望将会话机制用于需要身份验证的API。
所以,我正在使用sessions.driver = "file"
为了能够使用该机制,但允许覆盖cookie集,经过大量调试后,我发现Middleware类有一些硬连线,但通过过滤器的魔力,您可以在之前禁用该功能cookie已设置。
因此,在filters.php上,我创建了以下过滤器,并添加为路线组的after过滤器
/*
|--------------------------------------------------------------------------
| Custom Filter to remove the session cookie
|--------------------------------------------------------------------------
|
| By default, if session driver is other than `null` or `array`, it will
| create a cookie and pass the encrypted session id so that it can be used
| across web requests.
| However, since our application is an API, we dont need the cookie, but
| we still want to be able to use the session functionality, so to allow
| this, we just need to set the driver to `array` right before the
| dispatcher gets to the point to add the session cookie.
|
| This is the Laravel call stack
| \Illuminate\Session\Middleware::handle()
| -> \Illuminate\Session\Middleware::addCookieToResponse()
| -> \Illuminate\Session\Middleware::sessionIsPersistent()
|
| All session handling and file storage has happened before sessionIsPersistent()
| is called, so we are safe to add an `after` filter that will reset
| the driver in the configuration and thus preventing this specific
| cookie to be added, all other previously added cookies will be
| kept (if any added) and thus sent as part of the response.
*/
Route::filter('session.cookie.remove', function(){
// Has to be 'array' because null, will prevent from writing sessions
Config::set('session.driver', 'array');
});
注意:唯一不会调用此过滤器并因此生成cookie的情况是,如果发生异常,在这种情况下您可能还需要更新错误处理程序上的配置(如果你没有覆盖laravel,则为默认错误处理程序)。
要覆盖,请查看app/start/global.php
答案 6 :(得分:-1)
您应该修改session.php:
<?php
return array(
'driver' => isset($_SERVER['REQUEST_URI']) && (stripos($_SERVER['REQUEST_URI'], '/api') === 0) ? 'array' : 'native'
);