Ordinary user 2014-01-10 20:32

Laravel 4 authentication token mismatch

In the filters file I have the following:

Route::filter('auth', function()
{
    if (Auth::guest()) return Redirect::to('user/login');
});

These are the routes I have in my routes.php file:

Route::group(['before' => 'auth'], function ()
{
    Route::resource('section', 'SectionController');
    Route::resource('article', 'ArticleController');
});

Route::controller('user', 'UserController');

The UserController is where the action takes place. Inside the UserController this method handles the login form post, which is a standard Laravel Blade template, no package in use:

Blade file:

{{ Form::open(['url' => 'user/signin']) }}
    {{ Form::token() }}
    <div class="form-group">
        <label>{{ trans('user.email') }}</label>
        <input type="email" name="email" value="" class="form-control">
    </div>

    <div class="form-group">
        <label>{{ trans('user.password') }}</label>
        <input type="password" name="password" value="" class="form-control">
    </div>

    <input type="submit" class="btn btn-primary" value="{{ trans('login') }}">
{{ Form::close() }}

and this is the UserController post action:

public function postSignin()
{
    //
    if (Auth::attempt(['email' => Input::get('email'), 'password' => Input::get('password')]))
    {
        return Auth::user()->email;
    }
    else
    {
        return Redirect::to('user/login')->with('message', trans('login.failure'));
    }
}

and this is the migration file I use:

public function up()
{
    //
    Schema::create('users', function ($table) {
        $table->increments('id');
        $table->string('email', 16)->unique();
        $table->string('password', 255);
        $table->timestamps();
    });
}

But when I login, I get an exception:

Illuminate \ Session \ TokenMismatchException

thrown in the filters.php file:

Route::filter('csrf', function()
{
    if (Session::token() != Input::get('_token'))
    {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

What am I doing wrong? Does Auth::attempt hash the password? It is hashed in the Seeder I use to generate the root user. When I dump the Session::token() it's identical to my Form::token() but still, the TokenMismatchException is thrown within the filters.php file.

Update: I disabled the csrf filter in order to be able to actually see the tokens. The two tokens Session::token() and Form::token() are identical before I submit the form; I checked this by looking at the HTML source code. When I submit the form and dump the tokens using dd() inside my postSignin method, the Session::token() has changed. It is no longer identical to the Session::token() seen in the HTML source code.

return array(
    'driver' => 'array',
);

Session config in local folder.

2 answers

  • dongling2038 2014-01-12 06:44

    FYI - this is not an auth issue - it has nothing to do with login authentication.

    This relates to a CSRF token, due to the form submission. Somewhere in your code, you must be calling the CSRF filter.

    Adding this to your form should solve the problem:

    {{ Form::open(['url' => 'user/signin']) }}
        {{ Form::token() }}
    
        ....  /// rest of form stuff here 
    
    {{ Form::close() }}
    

    edit: make sure your session configuration is also correct. If it is set to 'array' it will not work. It should be 'file' or some other option.

    This answer was selected by the asker as the best answer.
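
The answer's point about the session driver, as an added example that is not part of the original thread and not Laravel's own code: a standalone PHP (7+) model of the GET that renders the form followed by the POST that submits it. `Store`, `ArrayStore`, `FileStore` and `handleRequest` are hypothetical names; a store that forgets everything when the request ends hands the POST a fresh token, so the check fails.

```php
<?php
// Minimal model of per-request session handling (illustration only, not framework code).
interface Store {
    public function load($id);              // saved session data, or [] if none
    public function save($id, array $data);
}

// Behaves like an 'array' driver: data exists only for the lifetime of one request.
class ArrayStore implements Store {
    public function load($id) { return []; }
    public function save($id, array $data) { /* discarded when the request ends */ }
}

// Behaves like a 'file' driver: data survives between requests.
class FileStore implements Store {
    private $dir;
    public function __construct($dir) { $this->dir = $dir; }
    public function load($id) {
        $path = $this->dir . '/sess_' . $id;
        return is_file($path) ? (json_decode(file_get_contents($path), true) ?: []) : [];
    }
    public function save($id, array $data) {
        file_put_contents($this->dir . '/sess_' . $id, json_encode($data));
    }
}

// One HTTP request: load the session, create a token if missing, check any submitted token, save.
function handleRequest(Store $store, $sessionId, $submittedToken = null) {
    $session = $store->load($sessionId);
    if (!isset($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(20));
    }
    // hash_equals compares in constant time, unlike a plain != comparison.
    $ok = $submittedToken === null ? null : hash_equals($session['_token'], (string) $submittedToken);
    $store->save($sessionId, $session);
    return [$session['_token'], $ok];
}

foreach (['array' => new ArrayStore(), 'file' => new FileStore(sys_get_temp_dir())] as $name => $store) {
    $id = bin2hex(random_bytes(8));                          // constructed session id
    list($formToken) = handleRequest($store, $id);           // GET user/login: token goes into the form
    list(, $ok) = handleRequest($store, $id, $formToken);    // POST user/signin: token comes back
    echo $name, ': ', $ok ? 'token matches' : 'TokenMismatch', PHP_EOL;
}
```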