doujiu8145 2018-11-19 01:09
浏览 49

Laravel 5.6更改电子邮件地址会重置登录限制

There's a weird issue with laravel's login throttling. I set the variables:

 public $maxAttempts = 5;
 public $decayMinutes = 3;

in the Auth/LoginController.php, and override the sendLockoutResponse function like this:

protected function sendLockoutResponse(Request $request) {
  $seconds = $this->limiter()->availableIn(

  $minutes = floor($seconds / 60);
  $seconds = $seconds % 60;

  return back()->with('authError', 'Wait ' . $minutes . ' minutes and ' . $seconds . ' seconds.');

When I try 5 failed login attempts using wrong credentials I can see the AuthError message on the page. And if I go on with the same e-mail address I continue to see seconds and minutes decrease. But if I change the e-mail the whole throttle gets reset. I still have 5 failed attempts to go.

My question is: if laravel determines a user's login attempts by IP address and uses cache to poll them, why changing the e-mail resets the login throttle?

PS my .env values are:

  • 写回答

1条回答 默认 最新

  • dongyo1818 2018-11-19 01:20

    The Laravel docs share the details of the built in throttling

    as you can read the IP and email address combination is used to track login attempts

    I imagine so that if multiple users are logging in from the same IP they all do not get locked out/throttled

    You would need to change this to use ID or similar if you want it to act differently

    本回答被题主选为最佳回答 , 对您是否有帮助呢?



  • ¥15 咨询一下有关于王者荣耀赢藏战绩
  • ¥100 求购一套带接口实现实习自动签到打卡
  • ¥50 MacOS 使用虚拟机安装k8s
  • ¥500 亚马逊 COOKIE我如何才能实现 登录一个亚马逊账户 下发新 COOKIE ..我使用下发新COOKIE 导入ADS 指纹浏览器登录,我把账户密码 修改过后,原来下发新COOKIE 不会失效的方式
  • ¥20 玩游戏gpu和cpu利用率特别低,玩游戏卡顿
  • ¥25 oracle中的正则匹配
  • ¥15 关于#vscode#的问题:把软件卸载不会再出现蓝屏
  • ¥15 vimplus出现的错误
  • ¥15 usb无线网卡转typec口
  • ¥30 怎么使用AVL fire ESE软件自带的优化模式来优化设计Soot和NOx?