Session yii2无法验证您提交的数据
我使用nginx、php5.5.14、phpfpm、yii2、macos 我将yii配置更改为将会话存储在数据库中(postgress,用户是超级用户)。 这在我的配置中:Session yii2无法验证您提交的数据,session,yii,csrf,yii2,Session,Yii,Csrf,Yii2,我使用nginx、php5.5.14、phpfpm、yii2、macos 我将yii配置更改为将会话存储在数据库中(postgress,用户是超级用户)。 这在我的配置中: 'session' => [ 'class' => 'yii\web\DbSession', 'sessionTable' => 'session', ], 现在,当我尝试注册新用户时,出现以下错误: Bad Request (#400) Unable to v
'session' => [
'class' => 'yii\web\DbSession',
'sessionTable' => 'session',
],
现在,当我尝试注册新用户时,出现以下错误:
Bad Request (#400)
Unable to verify your data submission
以下是日志的一部分:
10 17:25:57.434 info yii\db\Command::query SELECT "data" FROM "session" WHERE "expire">1425993957 AND "id"='cfg9sutufqchr1tdose4cack15'
/Users/pupadupa/Dev/www/mint-office-web/components/Controller.php (41)
11 17:25:57.442 info yii\web\Session::open Session started
/Users/pupadupa/Dev/www/mint-office-web/components/Controller.php (41)
12 17:25:57.450 error yii\web\HttpException:400 exception 'yii\web\BadRequestHttpException' with message 'Не удалось проверить переданные данные.' in /Users/pupadupa/Dev/www/mint-office-web/vendor/yiisoft/yii2/web/Controller.php:110
Stack trace:
#0 /Users/pupadupa/Dev/www/mint-office-web/components/Controller.php(41): yii\web\Controller->beforeAction(Object(app\controllers\user\RegistrationAction))
#1 /Users/pupadupa/Dev/www/mint-office-web/vendor/yiisoft/yii2/base/Controller.php(149): app\components\Controller->beforeAction(Object(app\controllers\user\RegistrationAction))
#2 /Users/pupadupa/Dev/www/mint-office-web/vendor/yiisoft/yii2/base/Module.php(455): yii\base\Controller->runAction('registration', Array)
#3 /Users/pupadupa/Dev/www/mint-office-web/vendor/yiisoft/yii2/web/Application.php(83): yii\base\Module->runAction('user/registrati...', Array)
#4 /Users/pupadupa/Dev/www/mint-office-web/vendor/yiisoft/yii2/base/Application.php(375): yii\web\Application->handleRequest(Object(yii\web\Request))
#5 /Users/pupadupa/Dev/www/mint-office-web/web/index.php(20): yii\base\Application->run()
#6 {main}
13 17:25:57.454 trace yii\base\Controller::runAction Route to run: index/error
顺便说一句
,表格中有csrf输入。所以这似乎不是问题所在public$enableCsrfValidation=false代码>因为我认为这不是解决方案,而是解决方法
一些补充资料: 我可以从会话中设置和获取变量。例如,我把它放在
Controller.php
Yii::$app->session->set('test', 'qwe');
$t = Yii::$app->session->get('test') ;
var_dump($t);
但在那之后如果我像这样评论第一行
//Yii::$app->session->set('test', 'qwe');
$t = Yii::$app->session->get('test') ;
var_dump($t);
并刷新页面-我收到NULL(顺便说一句,我可以在刷新后的Cookie中看到Cookie:PHPSESSID=cfg9sutufqchr1tdose4cack15
)
因此,session(DbSession)或我的php/php fpm/nginx设置似乎存在一些问题
My
UserController.php
:
<?php
namespace app\controllers;
use app\components\Controller;
use app\models\Client;
use app\models\User;
use yii\filters\AccessControl;
use yii\web\BadRequestHttpException;
use yii\web\NotFoundHttpException;
class UserController extends Controller
{
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['logout', 'employee'],
'rules' => [
[
'actions' => ['logout',],
'allow' => true,
'roles' => ['@'],
],
[
'actions' => ['employee', 'employee_add'],
'allow' => true,
'roles' => [ROLE_CLIENT_ADMIN],
],
],
],
];
}
public function actions()
{
return [
'login' => 'app\controllers\user\LoginAction',
'logout' => 'app\controllers\user\LogoutAction',
'restore' => 'app\controllers\user\RestoreAction',
'registration' => 'app\controllers\user\RegistrationAction',
'employee' => 'app\controllers\user\EmployeeAction',
'employee_add' => 'app\controllers\user\EmployeeAddAction',
//'passwd' => 'app\controllers\user\PasswdAction',
'captcha' => [
'class' => 'yii\captcha\CaptchaAction',
'fixedVerifyCode' => YII_ENV === 'dev' ? 'testme' : null,
],
];
}
/**
* @param int $clientId
* @return Client
* @throws BadRequestHttpException
* @throws NotFoundHttpException
*/
public function getClient($clientId)
{
if (!\Yii::$app->user->can(ROLE_ADMIN)) {
/* @var User $user */
$user = \Yii::$app->user->identity;
$clientId = $user->client_id;
}
if (!$clientId) {
throw new BadRequestHttpException('Bad request');
}
$client = Client::find()->where(['id' => $clientId])->one();
if (!$client) {
throw new NotFoundHttpException('Компания не найдена');
}
return $client;
}
}
<?php
namespace app\controllers\user;
use app\models\UserConfirm;
use Yii;
use app\components\Action;
use app\forms\RegistrationForm;
use yii\web\NotFoundHttpException;
class RegistrationAction extends Action
{
public function run($key = null)
{
if ($key !== null) {
/* @var UserConfirm $confirm */
$confirm = UserConfirm::find()->andWhere('expire > NOW()')->andWhere([
'key' => $key,
'action' => 'reg'
])->one();
if (!$confirm) {
throw new NotFoundHttpException('Key not found');
}
$user = $confirm->user;
$user->enabled = true;
$user->last_login = date('Y-m-d H:i:s');
$user->save();
$confirm->delete();
Yii::$app->user->login($user, 0);
return $this->controller->goHome();
}
$model = new RegistrationForm();
if ($model->load($_POST) && $model->validate() && $model->register()) {
$subject = Yii::$app->name . ' - Success';
$message = $this->controller->renderPartial(
'//email/registration',
[
'username' => $model->email,
'password' => $model->password,
'key' => $model->key,
'keyExpire' => $model->keyExpire
]
);
$res = Yii::$app->mailer->compose()
->setTo($model->email)
->setFrom([Yii::$app->params['from'] => Yii::$app->params['fromName']])
->setSubject($subject)
->setHtmlBody($message)
->send();
Yii::$app->session->setFlash('registrationFormSubmitted');
return $this->controller->refresh();
}
return $this->controller->render('registration', ['model' => $model]);
}
}
看起来您的会话id已更改。检查会话cookie的值在第二次请求后是否更改。当您错误配置为会话cookie设置的域时,会发生这种情况,请确保它与URL中的主机名匹配。我认为这种情况有时会在服务器出现故障时发生,我需要做的只是重新启动apache服务器
i hv used this while calling logout
$menuItems[] = [
'label' => 'Logout (' . Yii::$app->user->identity->username . ')',
'url' => ['/site/logout'],
// 'linkOptions' => ['data-method' => 'get']
'data-method' => 'get'
];
in main .php change post to get
---------------------------------------------------
and have changes this also
$url = Html::a('Logout',
['/site/logout'],
['class' => 'btn btn-success', 'data-method' => 'get']);
this is also in main.php
--------------------------------------------------------------------
in behaviour of site controller also
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['logout', 'signup','index'],
'rules' => [
[
'actions' => ['signup'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['logout','index'],
'allow' => true,
'roles' => ['@'],
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['get'],
],
],
];
}
change post to get...and it will work....
适用于MacOSx上的apache
sudo apachectl restart
用于Linux上的apache
sudo service apache2 restart
或
我所做的是,我只是使后端和前端的“csrfParam”有所不同,在“phpinit”命令之后,一切都正常工作
不确定这是否是一个bug,或者如果我们使用DBsession,我们必须设置不同的“csrfParam”。不确定是否太晚了,但我发现这个解决方案在类似的Yi2框架在POST表单请求中抛出400个错误请求的情况下对我有效 只需在表单中添加此代码,手动为密钥包含CSRF输入字段,Yii2将接受数据提交:
注意:这是针对高级模板的。从长远来看,我建议不要使用基于短标记的框架,因为PHPers会知道这是一个诅咒。您是否尝试过删除所有浏览器cookie并删除会话表中的所有行?只是为了确保你的问题不是由这些事情引起的。@robsch是的,我试过了,但没有帮助。你能提供控制器和操作或其他相关代码吗?@robsch添加了控制器和操作的代码。我不是专家。我看不出问题出在哪里。但我现在认为这不是由控制器或动作引起的。不过有两件事:第二次调用
$t=Yii::$app->session->get('test')代码>您仍然具有预期的会话id吗?注册操作不是按照ajax调用的吗?您还可以注意csrf值是否如预期的那样。
sudo service httpd restart