Laravel session cookie not encrypted when using AJAX


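I am creating a single sign-on interface for my application. Another application sends an AJAX POST request, I authenticate the user and return a response. The session cookie is set, but it is not encrypted.

The relevant code: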

$user = User::where('email', $email)->first();
if ($user) {
  Auth::login($user);
  return response("OK", 200);
}
The 'api' section in my Kernel.php:

'api' => [
    'throttle:60,1',
    'bindings',
    \Illuminate\Session\Middleware\StartSession::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    \App\Http\Middleware\EncryptCookies::class,
],
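My routes (no other middleware)

The EncryptCookies class in Kernel.php does not seem to have any effect on the AJAX POST request, but only where the session is concerned. When I add a cookie manually, such as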

response("OK", 200)->cookie("mysession", Session::getId(), 60);
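it is encrypted.

When I completely remove EncryptCookies from both 'api' and 'web' in Kernel.php, the session created by the AJAX request is loaded correctly, but it is no longer encrypted.

How can I get the AJAX session cookie encrypted? Do I need some other middleware?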


Thanks for your help.

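After reading lagbox's comment, I tried several positions for the EncryptCookies::class definition in the 'api' section. I not only had to put it before StartSession, I also had to make it the first element. Now it works.

The complete $middlewareGroups section in Kernel.php now looks like this: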

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \App\Http\Middleware\App::class,
    ],

    'api' => [
        \App\Http\Middleware\EncryptCookies::class,
        'throttle:60,1',
        'bindings',
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    ],
];

Hope this helps.
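Why the order matters, as an added example (not code from the original post and not Laravel's own implementation): a simplified onion-style pipeline in which the first listed middleware is the outermost layer and sees the response last. The closures $startSession and $encryptCookies and the function runPipeline are hypothetical stand-ins, and base64 is only a placeholder for real encryption.

```php
<?php
// Simplified model of a middleware pipeline; all names and values are constructed.

// Stand-in for StartSession: attaches the session cookie on the way out.
$startSession = function (array $request, callable $next): array {
    $response = $next($request);
    $response['cookies']['laravel_session'] = 'constructed-session-id';
    return $response;
};

// Stand-in for EncryptCookies: encrypts the cookies the inner layers returned.
$encryptCookies = function (array $request, callable $next): array {
    $response = $next($request);
    foreach ($response['cookies'] as $name => $value) {
        // Placeholder marker only, NOT real encryption.
        $response['cookies'][$name] = 'enc:' . base64_encode($value);
    }
    return $response;
};

// Builds the onion: the first element of $middleware wraps all the others.
function runPipeline(array $middleware, callable $controller): array
{
    $pipeline = array_reduce(
        array_reverse($middleware),
        function (callable $next, callable $layer): callable {
            return function (array $request) use ($layer, $next): array {
                return $layer($request, $next);
            };
        },
        $controller
    );
    return $pipeline([]);
}

// Controller that sets a cookie directly on the response, like ->cookie("mysession", ...).
$controller = function (array $request): array {
    return ['body' => 'OK', 'cookies' => ['mysession' => 'set-by-controller']];
};

// StartSession outside EncryptCookies: the session cookie is added after encryption ran.
$before = runPipeline([$startSession, $encryptCookies], $controller);
// EncryptCookies outermost: it sees every cookie, including the session cookie.
$after = runPipeline([$encryptCookies, $startSession], $controller);

print_r($before['cookies']);
print_r($after['cookies']);
```

In the first run only mysession carries the enc: marker, which matches the behaviour described in the question; in the second run both cookies do.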

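Put EncryptCookies before StartSession?

@lagbox Oh man. I had already done that, but nothing changed. But to check your suggestion I put it before all the other definitions, and hooray! Now it is encrypted! Thanks, cheers. I am using Laravel 5.4.36 in this project. You saved my life.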