Login once, logged in everywhere. (After logging in at one place, all devices show as logged in.) #109
Comments
This is a known issue: the guards are cached in a singleton. It will be fixed in the next version. |
Hi @hhxsv5, do you have an estimated date to release? |
@ibrunotome It has not been solved yet, a bit troublesome. |
@hhxsv5 in swooletw/laravel-swoole I was able to solve resetting the providers:
    Illuminate\Auth\AuthServiceProvider::class,
    Tymon\JWTAuth\Providers\LaravelServiceProvider::class,
    Illuminate\Pagination\PaginationServiceProvider::class,
But I can't replicate in your package. |
@ibrunotome The solution is much the same. Try the following methods:
# config/laravels.php
'register_providers' => [
    App\Providers\AuthServiceProvider::class,
    //...
],
Event::listen('laravels.received_request', function (\Illuminate\Http\Request $req, $app) {
    Facade::clearResolvedInstance('auth');
}); |
@hhxsv5 I tried this yesterday reading some other issues, no success too. Do you have plans to implement the |
@ibrunotome In the next few days, I will delve into this issue and try to give a solution.
|
Both steps must be done to solve this problem.
Step 1: Re-register providers: config/laravels.php
Step 2: Clear facade in event (App\Providers\EventServiceProvider::class)
Event::listen('laravels.received_request', function (\Illuminate\Http\Request $req, $app) {
Try re-registering almost all providers. |
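The problem still exists! |
It works at first. After a while the problem appears again. Try adding all the providers. I am testing it now. |
Adding all the providers doesn't work either. |
=,= So when will the fixed version be released? This bug arguably makes it impossible to go to production; shouldn't it be on the urgent-fix list? Consider: if the administrator privileges cached in the guard are used by an ordinary user, it is quite likely that the administrator's information can be stolen (for example the apiToken, or the email address, order management, or even payment calls). |
Still can't solve it. |
Solution:
Step 2: create a global middleware, EveryRequest.php
Both of the above 2 steps are required. |
| PHP | 7.2.15 | The problem still exists |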
@pingcheng |
OK, thanks, I'll try it first. It feels like there are quite a lot of classes that need to be reset this way. |
It works for me:
use Closure;
use Illuminate\Support\Facades\Auth;

class ClearUserForSwoole
{
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (Auth::check()) {
            // Reset the user cached on the 'api' guard via reflection,
            // so the guard resolves the user again for this request.
            $guard = app(\Illuminate\Auth\AuthManager::class)->guard('api');
            $guardRef = new \ReflectionObject($guard);
            $userRef = $guardRef->getProperty('user');
            $userRef->setAccessible(true);
            $userRef->setValue($guard, null);
        }
        return $next($request);
    }
} |
None of the suggestions above have worked for me :/ |
@hhxsv5 Has version 3.3.10 fixed this bug? Is there a good way to handle it at the moment? Thanks. |
@u5de6 using which settings in config/laravels.php? |
Sorry, I am busy at work now, and will start to check this issue in my free time at night. |
Keep it up!!!! Please fix it soon |
@ALL After a week of debugging, I have passed the test locally for the Laravel/Lumen 5.1-5.8 user authorization. Please try the |
And you need to republish configuration |
@hhxsv5 Tested, I'm getting logged out using tymon jwt |
@ibrunotome Please tell me the specific version of laravel & jwt. |
@ibrunotome Added JWTCleaner in
'cleaners' => [
    Hhxsv5\LaravelS\Illuminate\Cleaners\SessionCleaner::class,
    Hhxsv5\LaravelS\Illuminate\Cleaners\AuthCleaner::class,
    Hhxsv5\LaravelS\Illuminate\Cleaners\JWTCleaner::class,
    // ...
], |
@hhxsv5 Confirmed, it's working now :) Nice job! |
Thank you. @ibrunotome |
Good job! |
Auth::User gets mixed up between users and the auth cleanup does not succeed. In the end I modified AuthCleaner and then it was fine. Could an expert please explain this?
<?php
namespace Hhxsv5\LaravelS\Illuminate\Cleaners;

use Illuminate\Container\Container;
use Illuminate\Support\Facades\Facade;

class AuthCleaner extends BaseCleaner
{
    private $guards;

    public function __construct(Container $currentApp, Container $snapshotApp)
    {
        // ………………
    }

    public function clean()
    {
        // …………
        $this->currentApp->forgetInstance('auth');
        Facade::clearResolvedInstance('auth');
    }
} |
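The failure mode discussed in this thread (a guard cached in a singleton inside a worker process that outlives the request), as an added example that is not part of the original thread or of LaravelS. The classes `Guard`, `Container`, `AuthFacade` and the function `serve` are hypothetical stand-ins for the guard, the application container and the facade's resolved-instance cache; it runs a cookie-less request after an admin request under three per-request cleanup strategies.

```php
<?php
// Simplified model (hypothetical classes, not Laravel's or LaravelS's code) of a
// long-lived worker: the container and the facade cache outlive every request.
final class Guard {
    private ?string $user = null;
    // Like a real guard, resolve the user once and then serve the cached value.
    public function user(array $cookies): ?string {
        return $this->user ??= ($cookies['session_user'] ?? null);
    }
}
final class Container {
    private array $instances = [];
    public function make(string $key): Guard {
        return $this->instances[$key] ??= new Guard();   // singleton binding
    }
    public function forgetInstance(string $key): void { unset($this->instances[$key]); }
}
final class AuthFacade {
    private static ?Guard $resolved = null;               // facade-level cache
    public static function user(Container $app, array $cookies): ?string {
        return (self::$resolved ??= $app->make('auth'))->user($cookies);
    }
    public static function clearResolvedInstance(): void { self::$resolved = null; }
}
// Serve constructed requests in one process; $clean runs before each request.
function serve(array $requests, ?callable $clean): array {
    $app = new Container();
    AuthFacade::clearResolvedInstance();                  // fresh worker start
    $seen = [];
    foreach ($requests as $cookies) {
        if ($clean) { $clean($app); }
        $seen[] = AuthFacade::user($app, $cookies) ?? 'guest';
    }
    return $seen;
}
// Constructed traffic: admin logs in, then a client that sends no cookies at all.
$requests = [['session_user' => 'admin'], []];
$cases = [
    'no cleanup'          => null,
    'forgetInstance only' => fn (Container $app) => $app->forgetInstance('auth'),
    'forget + clear'      => function (Container $app) {
        $app->forgetInstance('auth');
        AuthFacade::clearResolvedInstance();
    },
];
foreach ($cases as $name => $clean) {
    printf("%-20s %s\n", $name, implode(', ', serve($requests, $clean)));
}
```

In this model the cookie-less request is answered as a guest only when both the container instance and the facade cache are reset before the request; any reference to the old guard that survives the cleanup keeps serving the previous user.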
Do not add |
Tell us your software version
7.2.12
4.2.10-alpha
5.7.*
Detail description about this issue(error/log)
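When using Laravel's built-in user system, once I log in at one place, visiting from anywhere else shows me as logged in, and clearing cookies does not help.
I have set "register_providers" in config/laravels.php as described in "Why is this commented out here? The logged-in user only behaves normally when I uncomment it. Is there a pitfall?" #99 and "When using jwt, auth has a problem getting the currently logged-in user." #50, but it did not help. I also uncommented the two lines in the cleanRequest function, as the author of the former issue described, and it is still the same. This bug is not stable and cannot be reproduced 100% of the time. But it does exist, and it can even be triggered by opening the site on a phone that has never visited it.
I think it is the same problem as in those two issues, but I want to know how to fix it.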
When I use the built-in user system of Laravel, if I login once, the site shows I am logged in everywhere, even after I cleaned my cookies.
I have set the "register_providers" in config/laravels.php to the following as mentioned in "Why is this commented out here? The logged-in user only behaves normally when I uncomment it. Is there a pitfall?" #99 and "When using jwt, auth has a problem getting the currently logged-in user." #50, but it did no good. Neither did uncommenting the two lines in the cleanRequest function.
This bug isn't consistent, but it does exist. I have used a phone that had never visited the site to browse it, and it said I was logged in.
I think the bug is related to the two issues above. I want to know how to fix it.
config/laravels.php
: There are no cookies in the request headers, but it still shows as logged in.
No cookies passed to server. Still shows logged in.
Give us a reproducible code block and steps
Create a minimal application:
laravel new test, enter the directory, and install laravel-s with composer.
php artisan laravels publish, then modify config/laravels.php.
php artisan migrate.
http://127.0.0.1:5200: register and log in.
Just create a most simplified application (also the steps to have this bug):
laravel new test and cd into it, install laravel-s via composer.
php artisan laravels publish and modify the config/laravels.php file.
php artisan make:auth to enable the user system.
php artisan migrate.
http://127.0.0.1:5200, register a user, login.