我有一个Laravel 4.1应用程序,使用雄辩的身份验证驱动程序和数据库会话驱动程序。我的身份验证控制器成功运行Auth::尝试并重定向到新页面。然而,一旦进入新页面,身份验证会话数据似乎就消失了。我在重定向到的页面上运行了一个验证过滤器,它失败了,然后将用户再次重定向到登录页面。用户无法进入登录页面
这是我的session.php:
<?php
return array(
'driver' => 'database',
'lifetime' => 120,
'expire_on_close' => true,
'files' => storage_path().'/sessions',
'connection' => 'mysql',
'table' => 'sessions',
'lottery' => array(2, 100),
'cookie' => 'laravel_session',
'path' => '/',
'domain' => null,
'secure' => false,
);
My sessions table schema:
CREATE TABLE `sessions` (
`id` varchar(32) NOT NULL,
`payload` text NOT NULL,
`last_activity` int(11) NOT NULL,
UNIQUE KEY `id` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
和我的验证过滤器:
Route::filter('auth', function()
{
if (Auth::guest()) {
if ( Request::ajax() ) {
return Response::make("Your session has timed out. Please sign in again.", 401);
} else {
return Redirect::guest('login');
}
}
});
验证过滤器中的Auth::guest()调用总是返回false。
我在Illuminate/Auth/Guard.php的user()方法中添加了一些Logging,发现在来自登录表单的POST中,当user()方法被调用时,认证数据在会话中。但是,当从重定向上的验证过滤器调用它时(auth::guest()间接调用user()方法),会话数据将消失。
下面是user()方法,供参考:
public function user()
{
if ($this->loggedOut) return;
// If we have already retrieved the user for the current request we can just
// return it back immediately. We do not want to pull the user data every
// request into the method because that would tremendously slow an app.
if ( ! is_null($this->user))
{
return $this->user;
}
$id = $this->session->get($this->getName());
// First we will try to load the user using the identifier in the session if
// one exists. Otherwise we will check for a "remember me" cookie in this
// request, and if one exists, attempt to retrieve the user using that.
$user = null;
if ( ! is_null($id))
{
$user = $this->provider->retrieveByID($id);
}
// If the user is null, but we decrypt a "recaller" cookie we can attempt to
// pull the user data on that cookie which serves as a remember cookie on
// the application. Once we have a user we can return it to the caller.
$recaller = $this->getRecaller();
if (is_null($user) && ! is_null($recaller))
{
$user = $this->getUserByRecaller($recaller);
}
return $this->user = $user;
}
当user()从验证过滤器调用时,$this->loggedOut为假,但$this->user为空,$this->session->get($this->getName())返回空。
似乎在任何时候都没有调用Auth::logout()
由于Laravel使用sha1哈希作为会话id,所以会话表的id字段需要至少有40的长度。
我有一个类似的问题,当我将我的站点部署到数字海洋实例时,会话在请求之间不持续,我花了几天时间寻找解决这个问题的答案,因为该站点在本地流浪机器上工作正常。我的问题的解决方案是,在User模型上,我必须将getAuthPassword函数返回语句从"$this->password"更改为"$this->password",这是数据库中的列名。
public function getAuthPassword()
{
return $this->Password;
}