Laravel:在每个请求上设置cookie

时间:2016-02-19 21:30:55

标签: php laravel cookies csrf setcookie

我正在使用Laravel一段时间,但我有一件事有问题。 Laravel为每个请求设置cookie。无论用户是否登录。

set-cookie in laravel

我不认为这是Laravel的正常行为。用户登录后,我们无需在每次请求时为其创建新会话。我们要不要?那么为什么laravel会为用户发送的每个请求生成新的会话和csrf令牌?而且它也为访客用户生成这些会话和令牌,这是完全没有必要和无用的。

我该如何防止这种情况?

更新

我使用Laravel 5.2和File作为会话驱动程序。

以下是我的路线和中间件示例:

路线: 

<?php

Route::get('/login', 'UserController@login');
Route::post('/login', 'UserController@postLogin');
Route::get('/link/{link}', 'HomeController@link');


$router->group(['middleware' => ['auth']], function() {
    Route::get('/', 'HomeController@index');
    Route::post('/', 'HomeController@postindex');

    Route::get('/home', 'HomeController@index');
    Route::post('/home', 'HomeController@postindex');

    Route::get('user/{username}', 'UserController@user_info');
    Route::post('user/{username}', 'UserController@post_user_info');

    Route::get('/logout', 'UserController@logout');
});

$router->group(['middleware' => ['auth', 'role:2']], function() {
    Route::get('/tools/register', 'UserController@register');
    Route::post('/tools/register', 'UserController@postregister');

    Route::get('/tools/users', 'AdminController@users');
    Route::post('/tools/users', 'AdminController@post_users');
});


Route::controllers([
    'password' => 'Auth\PasswordController',
]);

Kernel.php 

<?php

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * @var array
     */
    protected $middleware = [
        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
    ];

    /**
     * The application's route middleware.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'role' => \App\Http\Middleware\Role::class,
    ];
}

1 个答案:

答案 0 :(得分:0)

我没有检查过,但你的路线可能是默认的“Web”中间件组,默认情况下有session / cookies / csrf。

Laravel Middlewares

相关问题
最新问题