Community Learn Tools Library Leisure
search
English
php - How does laravel load balancing implement csrf defense?
phpcn_u1582
phpcn_u1582 2017-06-05 11:09:22
0
2
988

Laravel enables csrf by default, using csrf_token() to generate a random string and save it in the browser and session file. Then find the corresponding session file based on the cookie returned by the browser, and obtain the token for comparison.
But the problem is that if you use load balancing and configure several servers, you cannot obtain the token for verification through the session file saved on the server. Multiple servers correspond to one website. How to use laravel's csrf defense? Is it possible to set it up? Session file sharing to solve this problem? If so, how to set it up on nginx?

phpcn_u1582
phpcn_u1582

reply all(2)
黄舟
黄舟2017-06-05 11:11:22 2 floor

The session is stored in the database and can be shared after being stored in the database

Like +0
Add Reply
为情所困
为情所困2017-06-05 11:11:22 1 floor

This has nothing to do with nginx, what you need is to modify the Session Driver


    /*
    |--------------------------------------------------------------------------
    | Default Session Driver
    |--------------------------------------------------------------------------
    |
    | This option controls the default session "driver" that will be used on
    | requests. By default, we will use the lightweight native driver but
    | you may specify any of the other wonderful drivers provided here.
    |
    | Supported: "file", "cookie", "database", "apc",
    |            "memcached", "redis", "array"
    |
    */

    'driver' => env('SESSION_DRIVER', 'file');
Like +0
Add Reply
Popular Topics
More>
Popular Articles
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template