Laravel 5.7 中的会话冲突

Question

我需要一个指南来解决这个问题。

我有一个应用程序，当系统管理员在应用程序上注册用户时，它会向用户发送电子邮件通知。新注册的用户应该点击电子邮件中的链接，这应该会将他/她带到登录页面。

但是，我意识到，如果系统管理员在新注册的用户单击电子邮件通知中的链接时仍然登录到应用程序，单击电子邮件中的该链接会自动将用户带到仪表板，他/她以注册他/她的系统管理员身份登录。 登录控制器上有如下中间件：

public function __construct()
{   
    $this->middleware('guest')->except('logout');
}

因此，它不允许已登录的用户返回登录页面。因此，当新创建的用户单击其电子邮件中的链接时，如果他/她仍处于登录状态，则会被定向到系统管理员的仪表板。

我猜这是一个会话问题，但我不知道如何解决它。因此，我将不胜感激任何解决此问题的指南。

这是我的登录脚本。

<?php

    namespace App\Http\Controllers\Auth;

    use App\Http\Controllers\Controller;

    use Illuminate\Http\Request;
    use Illuminate\Foundation\Auth\AuthenticatesUsers;

    use Illuminate\Support\Facades\Auth;

    class LoginController extends Controller
    {
    /*
    |--------------------------------------------------------------------------
   | Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/

use AuthenticatesUsers;

/**
 * Where to redirect users after login.
 *
 * @var string
 */
protected $redirectTo = '/dashboard';

/**
 * Create a new controller instance.
 *
 * @return void
 */
public function __construct()
{   
    $this->middleware('guest')->except('logout');
}

 /**
 * The user has been authenticated.
 * Therefore, load up his permissions in session
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  mixed  $user
 * @return mixed
 */
protected function loadUserRoutes($user)
{
    $userRoutes=collect([]);
    if(($user->role->routes)->isNotEmpty())
    {
        foreach($user->role->routes as $route)
        {
            $userRoutes->push($route->name);
        }
    }

    session(['userRoutes' => $userRoutes,'navbar'=>$user->role_id]);
}


/**
 * Send the response after the user was authenticated.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\Response
 */
protected function sendLoginResponse(Request $request)
{
    $request->session()->regenerate();

    $this->clearLoginAttempts($request);
    $this->loadUserRoutes($this->guard()->user());

    return $this->authenticated($request, $this->guard()->user())
            ?: redirect()->intended($this->redirectPath());
}

/**
 * Attempt to log the user into the application.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return bool
 */
protected function attemptLogin(Request $request)
{
    return Auth::attempt(['email' => $request->email, 'password' => 
$request->password, 'active' => '1'], $request->filled('remember')
    );
  }
}

通知是从 app/Notifications 中的通知方法生成的。 这是下面通知的代码

<?php

namespace App\Notifications;

use Illuminate\Bus\Queueable;
use Illuminate\Notifications\Notification;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Notifications\Messages\MailMessage;

class RegistrationSuccessful extends Notification implements ShouldQueue {

use Queueable;

/**
 * Create a new notification instance.
 *
 * @return void
 */

protected $password;
protected $name;

public function __construct($password, $name) 
{
    $this->password = $password;
    $this->name = $name;
}

/**
 * Get the notification's delivery channels.
 *
 * @param  mixed  $notifiable
 * @return array
 */
public function via($notifiable) 
{
    return ['mail'];
}

/**
 * Get the mail representation of the notification.
 *
 * @param  mixed  $notifiable
 * @return \Illuminate\Notifications\Messages\MailMessage
 */
public function toMail($notifiable) {
    $recipient_name = $this->name;
    $recipient_password = $this->password;
    $app_name = config('app.name');
    return (new MailMessage)
                    ->subject("Registration on $app_name")
                    ->greeting("Hello $recipient_name,")
                    ->line("We write to notify you that an account has been opened for you on $app_name")
                    ->line('Your login password is as follows:')
                    ->line("$recipient_password")
                    ->line('You can use this email and the password above to login via the link below')
                    ->action('Login here', url('/login'))
                    ->line('Please contact the head of I.T. department for more information!');
}

/**
 * Get the array representation of the notification.
 *
 * @param  mixed  $notifiable
 * @return array
 */
public function toArray($notifiable) {
    return [
            //
    ];
}

}

我在应用程序的某处将其称为如下：

$user->notify(new RegistrationSuccessful($new_password, $user->name));

谢谢。

Answer 1

尝试从不同的浏览器窗口或不同的设备登录新用户。如果您有一个仍以管理员身份登录的选项卡，则浏览器将在该浏览器窗口中发送带有任何请求的管理员会话 cookie。

它更像是浏览器而不是应用程序，但我认为您不必担心其他设备上的用户可以访问管理会话。