php - laravel 負載平衡如何實現csrf防禦?

Question

laravel預設開啟csrf,使用的是csrf_token()產生一個隨機字串保存在瀏覽器和session檔案中.然後根據瀏覽器返回的cookie來找到對應的session檔案,獲取其中的token進行對比.但是問題是如果使用負載平衡,配置幾台服...

黄舟 · Answer

session入庫，入庫後就能共享了

为情所困 · Answer

這和 nginx 沒有什麼關係, 你需要的是修改 Session Driver


    /*
    |--------------------------------------------------------------------------
    | Default Session Driver
    |--------------------------------------------------------------------------
    |
    | This option controls the default session "driver" that will be used on
    | requests. By default, we will use the lightweight native driver but
    | you may specify any of the other wonderful drivers provided here.
    |
    | Supported: "file", "cookie", "database", "apc",
    |            "memcached", "redis", "array"
    |
    */

    'driver' => env('SESSION_DRIVER', 'file');