Laravel Cookie 存储空间在每隔几次访问后就会被超出
max*_*n15 5 php cookies session laravel
我对 laravel 的功能有一些疑问remember me。通常,laravel 添加一个会话 cookie、一个xsrf 令牌和一个具有随机哈希值的第三个 cookie。(下图)
当我遵循正常的登录-执行操作-注销-重复过程时,一切正常。不添加额外的cookie。
如果我登录,关闭浏览器,然后再次访问该网站,则会添加另一个 cookie。这看起来像第三块饼干。在重复这个特定的流程时,我发现饼干有很大的膨胀。我什至不确定所有这些都被使用了。(下图)
当我remember me在登录时检查时,会添加另一个Remember_me令牌。当我关闭浏览器窗口并再次访问该网站时,我会自动登录。与上面的情况类似,当我重复此过程几次时,会添加越来越多的 cookie。(下图)
最终,我收到一条错误消息
Bad request Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.
Cookie
此后该网站甚至无法打开,除非我手动清除 cookie。
我的问题是,当我遇到上述情况时,如何删除旧的 cookie?Laravel 有什么办法可以解决我可能缺少的问题吗?当每次访问都会生成新的 cookie 时,有什么方法可以删除旧的 cookie?
唯一与我最接近的问题是这个,但答案对我不起作用。
我正在使用 Laravel AuthController,我的session.php样子是这样的:
<?php
return [
/*
|--------------------------------------------------------------------------
| Default Session Driver
|--------------------------------------------------------------------------
|
| This option controls the default session "driver" that will be used on
| requests. By default, we will use the lightweight native driver but
| you may specify any of the other wonderful drivers provided here.
|
| Supported: "file", "cookie", "database", "apc",
| "memcached", "redis", "array"
|
*/
'driver' => env('SESSION_DRIVER'),
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 120,
'expire_on_close' => true,
/*
|--------------------------------------------------------------------------
| Session Encryption
|--------------------------------------------------------------------------
|
| This option allows you to easily specify that all of your session data
| should be encrypted before it is stored. All encryption will be run
| automatically by Laravel and you can use the Session like normal.
|
*/
'encrypt' => true,
/*
|--------------------------------------------------------------------------
| Session File Location
|--------------------------------------------------------------------------
|
| When using the native session driver, we need a location where session
| files may be stored. A default has been set for you but a different
| location may be specified. This is only needed for file sessions.
|
*/
'files' => storage_path('framework/sessions'),
/*
|--------------------------------------------------------------------------
| Session Database Connection
|--------------------------------------------------------------------------
|
| When using the "database" or "redis" session drivers, you may specify a
| connection that should be used to manage these sessions. This should
| correspond to a connection in your database configuration options.
|
*/
'connection' => null,
/*
|--------------------------------------------------------------------------
| Session Database Table
|--------------------------------------------------------------------------
|
| When using the "database" session driver, you may specify the table we
| should use to manage the sessions. Of course, a sensible default is
| provided for you; however, you are free to change this as needed.
|
*/
'table' => 'sessions',
/*
|--------------------------------------------------------------------------
| Session Sweeping Lottery
|--------------------------------------------------------------------------
|
| Some session drivers must manually sweep their storage location to get
| rid of old sessions from storage. Here are the chances that it will
| happen on a given request. By default, the odds are 2 out of 100.
|
*/
'lottery' => [2, 100],
/*
|--------------------------------------------------------------------------
| Session Cookie Name
|--------------------------------------------------------------------------
|
| Here you may change the name of the cookie used to identify a session
| instance by ID. The name specified here will get used every time a
| new session cookie is created by the framework for every driver.
|
*/
'cookie' => 'zpz_session',
/*
|--------------------------------------------------------------------------
| Session Cookie Path
|--------------------------------------------------------------------------
|
| The session cookie path determines the path for which the cookie will
| be regarded as available. Typically, this will be the root path of
| your application but you are free to change this when necessary.
|
*/
'path' => '/',
/*
|--------------------------------------------------------------------------
| Session Cookie Domain
|--------------------------------------------------------------------------
|
| Here you may change the domain of the cookie used to identify a session
| in your application. This will determine which domains the cookie is
| available to in your application. A sensible default has been set.
|
*/
'domain' => null,
/*
|--------------------------------------------------------------------------
| HTTPS Only Cookies
|--------------------------------------------------------------------------
|
| By setting this option to true, session cookies will only be sent back
| to the server if the browser has a HTTPS connection. This will keep
| the cookie from being sent to you if it can not be done securely.
|
*/
'secure' => false,
];
Cookie 标头的限制为 4096 字节 ( /sf/answers/3674505411/ ),并且您会收到此错误,因为加密的 cookie 非常大,并且每个创建的 cookie 都会向 cookie 标头添加越来越多的字节。
可能的解决方案:
- 将大量数据存储在数据库而不是 cookie 上,并且仅将 cookie 用于参考。
- 禁用 cookie 加密
'encrypt' => false,并避免将敏感信息存储到 cookie 中。 - 禁用 laravel 加密 cookie 并将您自己的加密添加到 cookie 内容中。
| 归档时间: |
|
| 查看次数: |
3159 次 |
| 最近记录: |