问题
I have a simple admin area where I can update some aspects of a website. since I'll be the only one accessing it I thought of using the auth.basic functionality of Laravel 4.
I built a group on my routes.php file that adds the auth.basic filter to several resources at once:
//routes.php
// Password protected routes
Route::group(['before' => 'auth.basic'], function () {
Route::get('admin', ['as' => 'admin', 'uses' => 'AdminController@index']);
Route::resource('admin', 'AdminController');
Route::resource('users', 'UsersController');
Route::resource('pizzas', 'PizzasController');
});
The routes are protected (as they should) and I have to fill a pop-up authentication form when I access any of those routes for the first time.
Here's the problem: I believe the authenticated session should expire once I close the browser. This is not happening. Even if the browser is closed for hours it still "remembers me".
- I tried setting
'lifetime' => 0,onconfig/session.php.
What can I do to fix this issue?
Thanks.
回答1:
To clear auth.basic session also, you can use,
Auth::logout();
Or
Auth::clearUserDataFromStorage();
See API Doc here
回答2:
Going to config/session.php and setting 'lifetime' => 0, then restarting Windows, fixed it for Firefox and IE9, but not for Chrome on the development machine.
However, Chrome did work as expected when accessing the page from a different computer (not the one serving the page).
Considering nobody will be accessing the site from the server (once it goes live) I'll just live with it.
回答3:
i think that chrome save auth info and send in any request. So it can be separate from session.
you can check it with chrome dev tools -> net tab. in any request chrome automatically send auth info.
you can check
auth.basic.once
also.
来源:https://stackoverflow.com/questions/19095856/laravel-4-auth-basic-filter-session-doesnt-expire-how-to-expire-auth-basic