问题描述
我将为我的应用程序创建一个单点登录界面.另一个应用程序发送AJAX POST请求,然后我对用户进行身份验证并返回响应.已设置会话cookie,但未加密.
I'm about to create a single-sign-on interface for my app. The other app sends an AJAX POST request and I authenticate the user and return a response. A session cookie is beeing set, but it is not encrypted.
相关代码
$user = User::where('email', $email)->first();
if ($user) {
Auth::login($user);
return response("OK", 200);
}
我在Kernel.php中的"api"部分
My 'api' part in Kernel.php
'api' => [
'throttle:60,1',
'bindings',
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\App\Http\Middleware\EncryptCookies::class,
],
我的路线(没有其他中间件)
My route (no additional Middleware)
Route::post(
'/auth-request', [
'uses' => 'UserController@post_authenticateRequest',
'as' => 'authrequest'
]);
Kernel.php中的EncryptCookies类似乎对AJAX发布请求没有任何影响-而是仅对会话部分有效.当我手动添加Cookie
The EncryptCookies class in Kernel.php doesn't seem to have any effect in the AJAX post request - but only for the session part. When I manually add a cookie like
response("OK", 200)->cookie("mysession", Session::getId(), 60);
它已加密!
当我完全删除Kernel.php中针对"api"和"web"的EncryptCookies时,从AJAX请求创建的会话将正确加载-但不再进行加密.
When I completely remove EncryptCookies in Kernel.php for both "api" and "web" the created session from the AJAX request is loaded correctly - but without encryption anymore.
如何加密AJAX会话Cookie?我还需要其他中间件吗?
How do I get the AJAX session cookie beeing encrypted? Do I need any other Middleware?
感谢您的帮助.
推荐答案
从lagbox中读取注释后,我在"api"部分尝试了几个EncryptCookies :: class定义的地方.我不仅需要将其放置在StartSession之前,而且还需要将其放置为第一个元素.现在就可以了!
After reading the comment from lagbox, I've tried several places for the EncryptCookies::class definition in my "api" part. I need to place it not only before StartSession but as the first element. And now it works!
我在Kernel.php中完整的$ middlewareGroups部分现在看起来像这样:
My complete $middlewareGroups part in Kernel.php now looks like this:
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\App\Http\Middleware\App::class,
],
'api' => [
\App\Http\Middleware\EncryptCookies::class,
'throttle:60,1',
'bindings',
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
],
];
希望这对您有所帮助.
这篇关于使用AJAX时未加密Laravel会话cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!