问题
I have a Laravel 4.1 app using the eloquent authentication driver and the database session driver. My authentication controller is successfully running Auth::attempt and redirecting to a new page. However, once on the new page the authentication session data seems to be gone. I have an auth filter running on the redirected-to page and it fails, which then redirects the user to the login page again. The user never gets past the login page.
Here is my session.php:
<?php
return array(
'driver' => 'database',
'lifetime' => 120,
'expire_on_close' => true,
'files' => storage_path().'/sessions',
'connection' => 'mysql',
'table' => 'sessions',
'lottery' => array(2, 100),
'cookie' => 'laravel_session',
'path' => '/',
'domain' => null,
'secure' => false,
);
My sessions table schema:
CREATE TABLE `sessions` (
`id` varchar(32) NOT NULL,
`payload` text NOT NULL,
`last_activity` int(11) NOT NULL,
UNIQUE KEY `id` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
And my auth filter:
Route::filter('auth', function()
{
if (Auth::guest()) {
if ( Request::ajax() ) {
return Response::make("Your session has timed out. Please sign in again.", 401);
} else {
return Redirect::guest('login');
}
}
});
The Auth::guest() call in the auth filter always returns false.
I added some Logging to the user() method of Illuminate/Auth/Guard.php and found that in the POST from the login form, the authentication data was in the session when the user() method was called. However, when it is called from the auth filter on the redirect (Auth::guest() indirectly calls the user() method), the session data is gone.
Here is the user() method, for reference:
public function user()
{
if ($this->loggedOut) return;
// If we have already retrieved the user for the current request we can just
// return it back immediately. We do not want to pull the user data every
// request into the method because that would tremendously slow an app.
if ( ! is_null($this->user))
{
return $this->user;
}
$id = $this->session->get($this->getName());
// First we will try to load the user using the identifier in the session if
// one exists. Otherwise we will check for a "remember me" cookie in this
// request, and if one exists, attempt to retrieve the user using that.
$user = null;
if ( ! is_null($id))
{
$user = $this->provider->retrieveByID($id);
}
// If the user is null, but we decrypt a "recaller" cookie we can attempt to
// pull the user data on that cookie which serves as a remember cookie on
// the application. Once we have a user we can return it to the caller.
$recaller = $this->getRecaller();
if (is_null($user) && ! is_null($recaller))
{
$user = $this->getUserByRecaller($recaller);
}
return $this->user = $user;
}
When user() is called from the auth filter, $this->loggedOut is false, but $this->user is null and $this->session->get($this->getName()) returns null.
It does not appear that Auth::logout() is being called at any point.
回答1:
The id field of the sessions table needs to have a length of at least 40 because Laravel uses a sha1 hash as the session id.
回答2:
I had a similar issue where the session was not persisting between requests when I deployed my site to a digital ocean instance and I spent a few days searching for an answer to fix this issue since the site was working fine in a local vagrant machine. The solution to my problem was that on the User model I had to change the getAuthPassword function return statement from "$this->password" to "$this->Password" which it is the column name in the database.
public function getAuthPassword()
{
return $this->Password;
}
来源:https://stackoverflow.com/questions/23499753/laravel-4-1-authentication-session-data-not-persisting-across-requests