避免在每个 axios 请求 laravel 上创建新会话答案

【问题标题】：Avoid creating new session on each axios request laravel避免在每个 axios 请求 laravel 上创建新会话
【发布时间】：2021-08-19 16:23:20
【问题描述】：

我正在开发一个在后端使用Laravel 8 并在前端使用Nuxtjs 的应用程序。我的问题是每次我用Axios 发出请求时，不管使用什么方法，Laravel 都会创建一个新会话。例如，这会阻止我检查 csrf cookie，因为每次生成新会话时。我真的不知道该怎么做，我想得到你的帮助...

获取会话令牌的示例代码：

Route::get('/test', function() {
    return request()->session()->token();
});

第一次尝试：IM23wUv9NTY2IUu9gAJix6TTg3IFjjgOkasOkRhn

第二次尝试：bMpuaa9Ink4dOUUJNEyJnbYYKSqSACP216Xq08Uh

因此，我的每个请求总是得到 419。

代码：

const self = this
const rootURL = self.$axios.defaults.baseURL.replace('/api', '')
self.$axios.get('/sanctum/csrf-cookie', {
  baseURL: rootURL
}).then(() => {
  self.$axios.post('/auth/login', {
    email: self.email,
    password: self.password,
  }, {withCredentials: true}).then(({data: response}) => {
    console.log(response)
  })
})

回复：

{
    "message": "CSRF token mismatch.",
    "exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException",
    "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php",
    "line": 387,
    "trace": [
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php",
            "line": 332,
            "function": "prepareException",
            "class": "Illuminate\\Foundation\\Exceptions\\Handler",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php",
            "line": 51,
            "function": "render",
            "class": "Illuminate\\Foundation\\Exceptions\\Handler",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 172,
            "function": "handleException",
            "class": "Illuminate\\Routing\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php",
            "line": 121,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php",
            "line": 64,
            "function": "handleStatefulRequest",
            "class": "Illuminate\\Session\\Middleware\\StartSession",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 167,
            "function": "handle",
            "class": "Illuminate\\Session\\Middleware\\StartSession",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php",
            "line": 37,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 167,
            "function": "handle",
            "class": "Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php",
            "line": 67,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 167,
            "function": "handle",
            "class": "Illuminate\\Cookie\\Middleware\\EncryptCookies",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/sanctum/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php",
            "line": 26,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 149,
            "function": "Laravel\\Sanctum\\Http\\Middleware\\{closure}",
            "class": "Laravel\\Sanctum\\Http\\Middleware\\EnsureFrontendRequestsAreStateful",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 103,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/sanctum/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php",
            "line": 34,
            "function": "then",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 167,
            "function": "handle",
            "class": "Laravel\\Sanctum\\Http\\Middleware\\EnsureFrontendRequestsAreStateful",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 103,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
            "line": 697,
            "function": "then",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
            "line": 672,
            "function": "runRouteWithinStack",
            "class": "Illuminate\\Routing\\Router",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
            "line": 636,
            "function": "runRoute",
            "class": "Illuminate\\Routing\\Router",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
            "line": 625,
            "function": "dispatchToRoute",
            "class": "Illuminate\\Routing\\Router",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
            "line": 166,
            "function": "dispatch",
            "class": "Illuminate\\Routing\\Router",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 128,
            "function": "Illuminate\\Foundation\\Http\\{closure}",
            "class": "Illuminate\\Foundation\\Http\\Kernel",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php",
            "line": 21,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php",
            "line": 31,
            "function": "handle",
            "class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 167,
            "function": "handle",
            "class": "Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php",
            "line": 21,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php",
            "line": 40,
            "function": "handle",
            "class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 167,
            "function": "handle",
            "class": "Illuminate\\Foundation\\Http\\Middleware\\TrimStrings",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php",
            "line": 27,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 167,
            "function": "handle",
            "class": "Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php",
            "line": 86,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 167,
            "function": "handle",
            "class": "Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/fruitcake/laravel-cors/src/HandleCors.php",
            "line": 52,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 167,
            "function": "handle",
            "class": "Fruitcake\\Cors\\HandleCors",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/fideloper/proxy/src/TrustProxies.php",
            "line": 57,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 167,
            "function": "handle",
            "class": "Fideloper\\Proxy\\TrustProxies",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
            "line": 103,
            "function": "Illuminate\\Pipeline\\{closure}",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
            "line": 141,
            "function": "then",
            "class": "Illuminate\\Pipeline\\Pipeline",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
            "line": 110,
            "function": "sendRequestThroughRouter",
            "class": "Illuminate\\Foundation\\Http\\Kernel",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/public/index.php",
            "line": 52,
            "function": "handle",
            "class": "Illuminate\\Foundation\\Http\\Kernel",
            "type": "->"
        },
        {
            "file": "/home/sidik/Projets/Colisone/web/laravel-backend/server.php",
            "line": 21,
            "function": "require_once"
        }
    ]
}

【问题讨论】：

关于问题是否已解决以及您解决问题的方式是否不错的更新

标签： php laravel axios nuxt.js

【解决方案1】：

服务器上的会话用于存储一些用户数据（IP、身份验证等）。因此，因为 API 是无状态的（服务器不需要了解用户），服务器似乎为每个请求生成一个新会话，这是合乎逻辑的。

你应该做的是让你的应用程序不需要会话数据（无状态）。

我不建议您这样做，并且以前从未这样做过，所以我不知道它是否有效，但如果您绝对需要这些会话，那么您必须查看 kernel.php 文件。

在$middlewareGroups数组的api可以添加

\Illuminate\Session\Middleware\StartSession::class, 像这样到数组的开头：

    'api' => [
        \Illuminate\Session\Middleware\StartSession::class,
        'throttle:api',
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

或

在登录时为用户生成一个会话（在其中为他们分配一个令牌），将该会话存储到数据库（创建会话表）。然后创建一个中间件，检查发出请求的用户是否在数据库中有任何会话。如果是，则将该会话分配给当前用户。并将其添加到您需要的路线中。

如果在某种情况下我需要做这样的事情，我会选择选项 2，因为首先我认为第一个不能解决您的问题，其次，后一种方式仍然使我能够无忧地扩展我的应用程序（我需要无论如何都要分离我的数据库服务器）。

您可以在 Google 上搜索有关在 API 上进行会话的方法。你可能会找到更适合你的东西。

【讨论】：

【解决方案2】：

this 或 this 回答你的问题了吗？

喜欢：

在您的 config/session.php 内部

确保domain 设置为正确的路径或为空
将安全设置更改为 true 'secure' => env('SESSION_SECURE_COOKIE', true)（或者如果不使用 SSL，请尝试使用 false）
尝试不使用 https
确保cookie 不包含 . （点）或尝试不带 _ 下划线

或另一种方法：

就像this 回答告诉你的那样，如果你通过 JS 附加标头，请尝试附加一个新的中间件

如果有刀片视图的另一种解决方案，请尝试将其放入其中：

<script>window.Laravel = {csrfToken: '{{ csrf_token() }}'}</script>

在 bootstrap.js 文件中：

window.axios  = require('axios');
window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
window.axios.defaults.headers.common['X-CSRF-TOKEN'] = window.Laravel.csrfToken;

【讨论】：

【解决方案3】：

指导性答案：

PHP 存储会话并通过查找会话 id 的 cookie 来检查请求，以查找其会话存储中是否存在具有该 id 的会话（如果您未将其配置为使用数据库或 redis，则每个服务器上的文件）与否。

在请求中，

如果没有 cookie，则创建一个新会话。
如果存在包含会话 ID 的 cookie，并且在会话存储中找到，则使用该会话。
如果存在包含会话 ID 的 cookie，但在会话存储中未找到，则会再次创建一个新会话。

1.如果您使用 API 服务器并且不使用 cookie 并且不发送任何会话 id，您必须使用一种方法来验证您的请求。（例如，身份验证令牌。您也可以检查 laravel 护照）。解决问题的方法应该是调查 API 身份验证方法。

2.如果你确实使用会话，

您必须检查您的请求是否包含带有会话 ID 的 cookie。如果没有，您应该找到解决方法
如果有 cookie，您应该检查每个请求中发送的会话 ID。他们是否在每个请求中都发生了变化？或者他们是一样的？您必须在这里弄清楚两件事：
- 如果每个请求中的会话 id 相同，你应该调试你的服务器端来找出为什么 php 找不到你的会话，尽管请求中有一个会话 id 并创建一个新的（不要忘记检查会话 id存储在会话存储中）。矛盾的是，如果你发现 php 创建了一个新会话，尽管请求中有一个会话 id，那么请求中的会话 id 不应该是相同的，因为 php 告诉你的客户端通过发送一个 cookie 作为响应来存储新的会话 id。
- 如果每个请求中的会话 ID 不同，则可能是您的服务器没有正确处理会话，如上面的项目符号所述，或者它完全配置为不使用会话。它可能被配置为无状态运行，您应该关注我在 1 中谈到的内容。另外，您可以关注 Amir Daneshkar 在他的response 中所说的内容。

我希望这对您和许多对 Cookie 了解不足的人有所帮助。

【讨论】：