Php Symfony 4未在生产模式下登录
我正在用symfony 4.2开发一个网站。将其放到生产服务器后,我将APP_ENV修改为prod,并运行composer update--no-dev 完成此操作后,我无法登录。我没有登录错误。日志文件为空。我不知道我做错了什么。我还试图设置APP_DEBUG=1,但什么都没有。。。不管我在做什么,只要重新加载登录页面就行了 这是我的安全。yaml:Php Symfony 4未在生产模式下登录,php,symfony,login,symfony4,production-environment,Php,Symfony,Login,Symfony4,Production Environment,我正在用symfony 4.2开发一个网站。将其放到生产服务器后,我将APP_ENV修改为prod,并运行composer update--no-dev 完成此操作后,我无法登录。我没有登录错误。日志文件为空。我不知道我做错了什么。我还试图设置APP_DEBUG=1,但什么都没有。。。不管我在做什么,只要重新加载登录页面就行了 这是我的安全。yaml: security: access_decision_manager: strategy: affirmative encoders:
security:
access_decision_manager:
strategy: affirmative
encoders:
App\Entity\Account: bcrypt
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
database_users:
entity: { class: App\Entity\Account, property: username }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: true
# activate different ways to authenticate
# http_basic: true
# https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
form_login:
check_path: security_login
login_path: security_login
csrf_token_generator: security.csrf.token_manager
default_target_path: home_index
logout:
path: security_logout
target: security_login
# https://symfony.com/doc/current/security/form_login_setup.html
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPERIOR: ROLE_USER
ROLE_SUPERVISOR: ROLE_USER
ROLE_WORKER: ROLE_USER
登入表格:
<form action="{{ path('security_login') }}" method="post" class="panel-body">
{% if error %}
<div class="alert alert-danger">
{{ error.messageKey|trans(error.messageData, 'security') }}
</div>
{% endif %}
<div class="form-group">
<input class="form-control" placeholder="{{ "login.username"|trans }}" type="text" name="_username" id="_username" autofocus />
</div>
<div class="form-group">
<input class="form-control" placeholder="{{ "login.password"|trans }}" type="password" name="_password" id="_password" />
</div>
<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}" />
<input id="login" type="submit" class="btn btn-lg btn-secondary btn-block" value="{{ "common.button.login"|trans }}" />
<a href="{{ path('security_register') }}" id="register" class="btn btn-lg btn-secondary btn-block">{{ "common.button.registration"|trans }}</a>
</form>
{%if错误%}
{{error.messageKey | trans(error.messageData,'security')}
{%endif%}
安全控制器:
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
class SecurityController extends AbstractController
{
/**
* @Route("/login", name="security_login")
* @param AuthenticationUtils $authenticationUtils
* @return \Symfony\Component\HttpFoundation\Response
*/
public function index(AuthenticationUtils $authenticationUtils)
{
if ($this->get('security.authorization_checker')->isGranted(["ROLE_USER"])) {
return new RedirectResponse(
$this->generateUrl('home_index')
);
}
$error = $authenticationUtils->getLastAuthenticationError();
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('security/login.html.twig', [
'last_username' => $lastUsername,
'error' => $error
]);
}
/**
* @Route("/logout", name="security_logout")
*/
public function logout()
{
}
}
检查数据库中的用户表是否包含登录名和密码。apache/nginx中有日志吗?您能否运行控制台而不出现任何错误(php-bin/console
)?检查文件权限。如果您将APP_ENV切换回dev,它能工作吗?Apache日志也是空的。是的,我能跑。如果我换回来,它工作得很好。在framework.yaml中,我将cookie\u secure从auto更改为false。它目前正在工作,但我认为这不是一个“好”的解决方案。如果cookie\u secure
设置为true,您必须设置https才能使您的登录表单工作,否则它不会工作。您的生产站点是否使用https?解决方案是在framework.yaml中添加cookie名称。此网站位于子域上,它获得了另一个网站的同名cookie,该cookie位于父域上。谢谢你的帮助!