在将Laravel项目域(.in到.institute(&主机(namecheap to name.com(,一切都很好。当我尝试在Chrome&Edge等浏览器,则返回";419 PAGE EXPIRED";错误但当我尝试在DuckDuckGo等浏览器上登录或注册时,它会正常工作。我尝试清理缓存,配置,生成:密钥,检查&更改csrf令牌,固定SSL&等等,我在互联网上找到的每一个解决方案。但没有一个能解决这些问题。我还能做什么!
#查看
@section('title', 'Login')
@include('theme.head')
@include('admin.message')
<!-- end head -->
<!-- body start-->
<body>
<!-- top-nav bar start-->
<section id="nav-bar" class="nav-bar-main-block nav-bar-main-block-one">
<div class="container-fluid">
<div class="row">
<div class="col-lg-4 col-4">
<div class="nav-bar-btn">
<a href="{{ url('/') }}" class="btn btn-secondary" title="Home"><i class="fa fa-chevron-left"></i>{{ __('frontstaticword.Backtohome') }}</a>
</div>
</div>
<div class="col-lg-4 col-4">
<div class="logo text-center">
@php
$logo = AppSetting::first();
@endphp
@if($logo->logo_type == 'L')
<a href="{{ url('/') }}" title="logo"><img src="{{ asset('images/logo/'.$logo->logo) }}" class="img-fluid" alt="logo"></a>
@else()
<a href="{{ url('/') }}"><b><div class="logotext">{{ $logo->project_title }}</div></b></a>
@endif
</div>
</div>
<div class="col-lg-4 col-4">
<div class="Login-btn txt-rgt">
<a href="{{ route('register') }}" class="btn btn-primary" title="signup">{{ __('frontstaticword.Signup') }}</a>
</div>
</div>
</div>
</div>
</section>
<!-- top-nav bar end-->
<!-- Signup start-->
<section id="signup" class="signup-block-main-block">
<div class="container">
<div class="col-md-6 offset-md-3">
<div class="signup-heading">
{{ __('frontstaticword.LogIntoYour') }} {{ $project_title }} {{ __('frontstaticword.Account') }}!
</div>
<div class="signup-block">
<div class="signin-link btm-10">
<div class="row">
@if($gsetting->fb_login_enable == 1)
<div class="col-lg-6">
<a href="{{ url('/auth/facebook') }}" title="facebook" class="btn btn-info btm-10" title="Facebook"><i class="fa fa-facebook"></i>{{ __('frontstaticword.ContinuewithFacebook') }}</a>
</div>
@endif
@if($gsetting->google_login_enable == 1)
<div class="col-lg-6">
<div class="google">
<a href="{{ url('/auth/google') }}" title="google" class="btn btn-white btm-10" title="google"><i class="fab fa-google"></i>{{ __('frontstaticword.ContinuewithGoogle') }}</a>
</div>
</div>
@endif
@if($gsetting->amazon_enable == 1)
<div class="col-lg-6">
<div class="signin-link amazon-button">
<a href="{{ url('/auth/amazon') }}" title="amazon" class="btn btn-info btm-10" title="Amazon"><i class="fab fa-amazon"></i>{{ __('frontstaticword.ContinuewithAmazon') }}</a>
</div>
</div>
@endif
@if($gsetting->linkedin_enable == 1)
<div class="col-lg-6">
<div class="signin-link linkedin-button">
<a href="{{ url('/auth/linkedin') }}" title="linkedin" class="btn btn-info btm-10" title="Linkedin"><i class="fab fa-linkedin"></i>{{ __('frontstaticword.ContinuewithLinkedin') }}</a>
</div>
</div>
@endif
@if($gsetting->twitter_enable == 1)
<div class="col-lg-6">
<div class="signin-link twitter-button">
<a href="{{ url('/auth/twitter') }}" title="twitter" class="btn btn-info btm-10" title="Twitter"><i class="fab fa-twitter"></i>{{ __('frontstaticword.ContinuewithTwitter') }}</a>
</div>
</div>
@endif
@if($gsetting->gitlab_login_enable == 1)
<div class="col-lg-6">
<div class="signin-link btm-10">
<a href="{{ url('/auth/gitlab') }}" title="gitlab" class="btn btn-white" title="gitlab"><i class="fab fa-gitlab"></i>{{ __('frontstaticword.ContinuewithGitLab') }}</a>
</div>
</div>
@endif
</div>
<form method="POST" class="signup-form" action="{{ route('login') }}">
@csrf
<div class="form-group">
<i class="fa fa-envelope" aria-hidden="true"></i>
<input id="email" type="email" class="form-control{{ $errors->has('email') ? ' is-invalid' : '' }}" placeholder="Enter Your E-Mail" name="email" value="{{ old('email') }}" required autofocus>
@if ($errors->has('email'))
<span class="invalid-feedback" role="alert">
<strong>{{ $errors->first('email') }}</strong>
</span>
@endif
</div>
<div class="form-group">
<i class="fa fa-lock" aria-hidden="true"></i>
<input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" placeholder="Enter Your Password" name="password" required>
@if ($errors->has('password'))
<span class="invalid-feedback" role="alert">
<strong>{{ $errors->first('password') }}</strong>
</span>
@endif
</div>
<div class="form-group">
<div class="form-check">
<input class="form-check-input" type="checkbox" name="remember" id="remember" {{ old('remember') ? 'checked' : '' }}>
<label class="form-check-label" for="remember">
{{ __('Remember Me') }}
</label>
</div>
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary">
{{ __('frontstaticword.Login') }}
</button>
<br>
<br>
<div class="forgot-password text-center btm-20"><a href="{{ 'password/reset' }}" title="sign-up">{{ __('frontstaticword.ForgotPassword') }}</a>
</div>
</div>
<div class="signin-link text-center btm-20">
{{ __('frontstaticword.Bysigningup') }} <a href="{{url('terms_condition')}}" title="Policy">{{ __('frontstaticword.Terms&Condition') }} </a>, <a href="{{url('privacy_policy')}}" title="Policy">{{ __('frontstaticword.PrivacyPolicy') }}.</a>
</div>
<hr>
<div class="sign-up text-center">{{ __('frontstaticword.Donothaveanaccount') }}?<a href="{{ route('register') }}" title="sign-up"> {{ __('frontstaticword.Signup') }}</a>
</div>
</form>
</div>
</div>
</div>
</section>
<!-- Signup end-->
<!-- jquery -->
@include('theme.scripts')
<!-- end jquery -->
</body>
<!-- body end -->
</html>
#控制器
<?php
namespace AppHttpControllersAuth;
use AppHttpControllersController;
use IlluminateFoundationAuthAuthenticatesUsers;
use Auth;
use Socialite;
use AppUser;
use IlluminateSupportMessageBag;
use SpatieActivitylogContractsActivity;
use AppSetting;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
public function authenticated()
{
$gsetting = Setting::first();
if( Auth::User()->role == "instructor" || Auth::User()->role == "user")
{
if(isset($gsetting->activity_enable))
{
if($gsetting->activity_enable == '1')
{
$project = new User();
activity()
->useLog('Login')
->performedOn($project)
->causedBy(auth()->user())
->withProperties(['customProperty' => 'Login'])
->log('Logged In')
->subject('Login');
}
}
}
if (Auth::User()->status == 1)
{
if( Auth::User()->role == "admin")
{
// do your magic here
return redirect()->route('admin.index');
}
elseif( Auth::User()->role == "instructor")
{
return redirect()->route('instructor.index');
}
else
{
return redirect('/home');
}
}
else{
Auth::logout();
return redirect()->route('login')->with('delete','You are deactivated !');
}
}
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
public function socialLogin($social)
{
return Socialite::driver($social)->redirect();
}
public function handleProviderCallback($social)
{
$userSocial = Socialite::driver($social)->user();
$user = User::where(['email' => $userSocial->getEmail()])->first();
// set the remember me cookie if the user check the box
$remember = (Input::has('remember')) ? true : false;
// attempt to do the login
if(Auth::attempt(['email' => $request->get('email') , 'password' => $request->get('password') ,
'status' => 1], $request->remember)){
return redirect()->intended('/home');
}
else
{
$errors = new MessageBag(['email' => ['Email or password is invalid.']]);
return Redirect::back()->withErrors($errors)->withInput($request->except('password'));
}
if ($user) {
Auth::login($user);
return redirect()-> action('HomeController@index');
}
else {
return view('auth.register', ['name'=> $userSocial->getName(),
'email' => $userSocial->getEmail()]);
}
}
}
我从laravel 7升级到8,session.phpSESSION_SECURE_COOKIE在true上有默认值
'secure' => env('SESSION_SECURE_COOKIE', true),
将SESSION_SECURE_COOKIE=false放在.env上,因为本地没有SSL,然后运行:
php artisan optimize:clear
(定期清除缓存不起作用(
希望它能帮助
我找到了"same_site"=>quot;none";在配置会话文件中,而不是null。将none更改为null后,它工作正常。
此错误是由于CSRF令牌验证失败、缓存配置错误、权限、会话设置不正确造成的。当用户提交发布请求时,会显示此错误。你可以通过以下操作来修复它:
-
CSRF令牌验证失败419的最常见原因错误为CSRF令牌失败。跨站点请求伪造是一种独特的,由服务器生成的加密值。这包含在客户端的HTTP请求。稍后服务器会对其进行验证。如果失败,则会导致会话过期错误。所以,你检查一下CSRFLaravel配置中的设置。
-
由于缓存导致的会话过期错误有时,缓存也可能导致前端出现会话过期错误。这可能是服务器缓存和浏览器缓存。因此,使用
php artisan cache:clear清除服务器缓存 -
Laravel文件和文件夹权限类似地,不正确的文件或文件夹权限也可能导致错误。通常,web服务器需要对Laravel文件夹存储和供应商的写入权限。而且会话存储需要写入权限。因此,授予权限为,
chmod-R 755存储
chmod-R 755供应商
chmod-R 644引导/缓存
Laravel会话设置最后但并非最不重要的是,会话设置也可能导致419错误。app/config/session.php是会话配置文件。检查几个重要参数——域和安全。
'domain' => env('SESSION_DOMAIN', null),
'secure' => env('SESSION_SECURE_COOKIE', false), // in case of cookie
这些循序渐进的方法修复了错误,并使Laravel重新工作。
如果您正在使用此指令,则应将其删除。
我以前遇到过这个问题(Laravel 5x(,在我删除它后就解决了。
$request->session()->flush();
此指令使csrf=为空。
如果以上解决方案都不起作用,请检查您是否在local.env 中设置了这两个变量
SANCTUM_STATEFUL_DOMAINS=
SESSION_DOMAIN=
在我的案例中,我尝试了Sanctum进行身份验证,但最终切换到了另一种身份验证方法。我忘了删除本地.env文件中的两个变量,这两个变量是我为测试目的而设置的。
尽管我的本地主机127.0.0.1:8000是SANCTUM_STATEFUL_DOMAINS的一部分;419页过期";尝试登录时出现错误消息。
在我的情况下,一切都在线工作(因为这些变量也没有设置在那里(