每次访问后都会超出Laravel cookie存储空间
我对laravel的remember me功能有点问题。
通常,laravel会添加会话Cookie , xsrf令牌和带有随机哈希值的第3个Cookie。 (下图)
当我按照正常的login-do stuff-logout-repeat程序进行操作时,一切正常。 不添加额外的Cookie。
如果我登录,请关闭浏览器,然后再次访问该网站,还会添加另一个Cookie。这个看起来像第3个cookie。在重复这个特定的流程时,我发现有一个主要的cookie膨胀。我甚至不确定所有这些都会被使用。 (下图)
当我在登录时检查remember me时,会添加另一个 remember_me 标记。当我关闭浏览器窗口并再次访问该站点时,我自动登录。与上述情况类似,当我重复此过程几次时,会添加越来越多的cookie。 (下图)
最终,我收到一条错误
Bad request Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.
Cookie
除非我手动清除cookie,否则该网站之后甚至不会打开。
我的问题是,当我完成上述方案时,如何删除较旧的Cookie? Laravel有没有办法解决这个问题,我可能会失踪?有没有办法在每次访问时生成一个新cookie时删除旧的cookie?
最接近我的唯一问题是this one,但答案对我不起作用。
我正在使用Laravel的AuthController而我的session.php看起来像这样:
<?php
return [
/*
|--------------------------------------------------------------------------
| Default Session Driver
|--------------------------------------------------------------------------
|
| This option controls the default session "driver" that will be used on
| requests. By default, we will use the lightweight native driver but
| you may specify any of the other wonderful drivers provided here.
|
| Supported: "file", "cookie", "database", "apc",
| "memcached", "redis", "array"
|
*/
'driver' => env('SESSION_DRIVER'),
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 120,
'expire_on_close' => true,
/*
|--------------------------------------------------------------------------
| Session Encryption
|--------------------------------------------------------------------------
|
| This option allows you to easily specify that all of your session data
| should be encrypted before it is stored. All encryption will be run
| automatically by Laravel and you can use the Session like normal.
|
*/
'encrypt' => true,
/*
|--------------------------------------------------------------------------
| Session File Location
|--------------------------------------------------------------------------
|
| When using the native session driver, we need a location where session
| files may be stored. A default has been set for you but a different
| location may be specified. This is only needed for file sessions.
|
*/
'files' => storage_path('framework/sessions'),
/*
|--------------------------------------------------------------------------
| Session Database Connection
|--------------------------------------------------------------------------
|
| When using the "database" or "redis" session drivers, you may specify a
| connection that should be used to manage these sessions. This should
| correspond to a connection in your database configuration options.
|
*/
'connection' => null,
/*
|--------------------------------------------------------------------------
| Session Database Table
|--------------------------------------------------------------------------
|
| When using the "database" session driver, you may specify the table we
| should use to manage the sessions. Of course, a sensible default is
| provided for you; however, you are free to change this as needed.
|
*/
'table' => 'sessions',
/*
|--------------------------------------------------------------------------
| Session Sweeping Lottery
|--------------------------------------------------------------------------
|
| Some session drivers must manually sweep their storage location to get
| rid of old sessions from storage. Here are the chances that it will
| happen on a given request. By default, the odds are 2 out of 100.
|
*/
'lottery' => [2, 100],
/*
|--------------------------------------------------------------------------
| Session Cookie Name
|--------------------------------------------------------------------------
|
| Here you may change the name of the cookie used to identify a session
| instance by ID. The name specified here will get used every time a
| new session cookie is created by the framework for every driver.
|
*/
'cookie' => 'zpz_session',
/*
|--------------------------------------------------------------------------
| Session Cookie Path
|--------------------------------------------------------------------------
|
| The session cookie path determines the path for which the cookie will
| be regarded as available. Typically, this will be the root path of
| your application but you are free to change this when necessary.
|
*/
'path' => '/',
/*
|--------------------------------------------------------------------------
| Session Cookie Domain
|--------------------------------------------------------------------------
|
| Here you may change the domain of the cookie used to identify a session
| in your application. This will determine which domains the cookie is
| available to in your application. A sensible default has been set.
|
*/
'domain' => null,
/*
|--------------------------------------------------------------------------
| HTTPS Only Cookies
|--------------------------------------------------------------------------
|
| By setting this option to true, session cookies will only be sent back
| to the server if the browser has a HTTPS connection. This will keep
| the cookie from being sent to you if it can not be done securely.
|
*/
'secure' => false,
];
1 个答案:
答案 0 :(得分:1)
Cookie Header 的限制为 4096 字节 (https://stackoverflow.com/a/52492934/49114),您会收到此错误,因为加密的 cookie 非常大,并且每个创建的 cookie 都会向 cookie 头添加越来越多的字节。
可能的解决方案:
- 将大量数据存储在数据库而不是 cookie 上,cookie 仅用于参考。
- 使用
'encrypt' => false,禁用 cookie 加密并避免将敏感信息存储到 cookie 中。 - 禁用 laravel 加密 cookie 并将您自己的加密添加到 cookie 内容中。
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?