在LARLAVEL 5中处理过期令牌的最佳方式是什么?
我的意思是我有一个页面,它有一些执行ajax请求的链接.加载页面时,它们工作正常,但当我等待某个时间时,会出现令牌不匹配错误.
现在,我必须刷新页面才能使其再次工作.但是,我不想刷新页面.我想要一些方法来刷新令牌或其他解决方法来修复它.
我希望你明白我的意思.
在LARLAVEL 5中处理过期令牌的最佳方式是什么?
我的意思是我有一个页面,它有一些执行ajax请求的链接.加载页面时,它们工作正常,但当我等待某个时间时,会出现令牌不匹配错误.
现在,我必须刷新页面才能使其再次工作.但是,我不想刷新页面.我想要一些方法来刷新令牌或其他解决方法来修复它.
我希望你明白我的意思.
Update 2021:
Hello Stackoverflow! It seems that the answer we've posted a few years ago has sparked some controversy.
To sum it up, the approach we've posted does solve the technical aspect of the problem. However, from web security standpoint it seems to be debatable.
With our limited expertise, we still believe our solution is viable, but to reduce doubt please make sure to go through the comments section as well as the answer posted by Ryan since they think otherwise before you make your decision. Thanks.
Original Answer From 2015个
a work around for it, is to actually get the new token every certain time, otherwise you are defeating the purpose of the csrf token:
<html>
<head>
<meta name="csrf_token" content="{{ csrf_token() }}">
</head>
<body>
<script type="text/javascript">
var csrfToken = $('[name="csrf_token"]').attr('content');
setInterval(refreshToken, 3600000); // 1 hour
function refreshToken(){
$.get('refresh-csrf').done(function(data){
csrfToken = data; // the new token
});
}
setInterval(refreshToken, 3600000); // 1 hour
</script>
</body>
</html>
在幼体路由中
Route::get('refresh-csrf', function(){
return csrf_token();
});
I apologize in case of any syntax errors, haven't used jquery for long time, but i guess you get the idea