Сеансов, не сохраняющихся под SSL - Laravel
Я создал сервер SOAP, чтобы общаться с Quickbooks по маршруту Laravel. Когда я аутентифицирую пользователя на сервере Quickbooks, он возвращает массив данных и успешно регистрирует пользователя. Напр.:
{"_token":"sOGtZdfUBIfCvktBqareEePSC9ftgPKAEHCe3zXs","login_82e5d2c56bdd0811318f0cf078b78bfc":4,"ticket":"$2y$10$0SC02pDGhmY.b/gsxPJrEe9jc3rmy4d7mxij7OmHz10jes77oPsba"}
Как только он вызывает следующий метод, сессия не сохраняется и возвращает только:
array (
'_token' => 'jZSu0VGCs3SgHM3Em7BnyhHPequCYDxC1Zj0dvs3',
)
Благодаря обычному небезопасному HTTP-соединению он работает нормально и сохраняет данные без проблем. Что-то не так с моим файлом конфигурации сессий, что это мешает?
return array(
/*
|--------------------------------------------------------------------------
| Default Session Driver
|--------------------------------------------------------------------------
|
| This option controls the default session "driver" that will be used on
| requests. By default, we will use the lightweight native driver but
| you may specify any of the other wonderful drivers provided here.
|
| Supported: "file", "cookie", "database", "apc",
| "memcached", "redis", "array"
|
*/
'driver' => 'file',
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 120,
'expire_on_close' => false,
/*
|--------------------------------------------------------------------------
| Session File Location
|--------------------------------------------------------------------------
|
| When using the native session driver, we need a location where session
| files may be stored. A default has been set for you but a different
| location may be specified. This is only needed for file sessions.
|
*/
'files' => storage_path().'/sessions',
/*
|--------------------------------------------------------------------------
| Session Database Connection
|--------------------------------------------------------------------------
|
| When using the "database" or "redis" session drivers, you may specify a
| connection that should be used to manage these sessions. This should
| correspond to a connection in your database configuration options.
|
*/
'connection' => null,
/*
|--------------------------------------------------------------------------
| Session Database Table
|--------------------------------------------------------------------------
|
| When using the "database" session driver, you may specify the table we
| should use to manage the sessions. Of course, a sensible default is
| provided for you; however, you are free to change this as needed.
|
*/
'table' => 'sessions',
/*
|--------------------------------------------------------------------------
| Session Sweeping Lottery
|--------------------------------------------------------------------------
|
| Some session drivers must manually sweep their storage location to get
| rid of old sessions from storage. Here are the chances that it will
| happen on a given request. By default, the odds are 2 out of 100.
|
*/
'lottery' => array(2, 100),
/*
|--------------------------------------------------------------------------
| Session Cookie Name
|--------------------------------------------------------------------------
|
| Here you may change the name of the cookie used to identify a session
| instance by ID. The name specified here will get used every time a
| new session cookie is created by the framework for every driver.
|
*/
'cookie' => 'laravel_session',
/*
|--------------------------------------------------------------------------
| Session Cookie Path
|--------------------------------------------------------------------------
|
| The session cookie path determines the path for which the cookie will
| be regarded as available. Typically, this will be the root path of
| your application but you are free to change this when necessary.
|
*/
'path' => '/',
/*
|--------------------------------------------------------------------------
| Session Cookie Domain
|--------------------------------------------------------------------------
|
| Here you may change the domain of the cookie used to identify a session
| in your application. This will determine which domains the cookie is
| available to in your application. A sensible default has been set.
|
*/
'domain' => null,
/*
|--------------------------------------------------------------------------
| HTTPS Only Cookies
|--------------------------------------------------------------------------
|
| By setting this option to true, session cookies will only be sent back
| to the server if the browser has a HTTPS connection. This will keep
| the cookie from being sent to you if it can not be done securely.
|
*/
'secure' => false,
);
Вот метод аутентификации:
public function authenticate(StdClass $response)
{
$criteria = array(
'username' => $response->strUserName,
'password' => $response->strPassword
);
$ticket_information = '';
//Login failed - return with non valid username
$somethingToDo = 'nvu';
if (Auth::attempt($criteria)) {
//Create a new ticket with bcrypt
$ticket_information = password_hash(time() . 'quickbooks', PASSWORD_DEFAULT);
//Store ticket under session for future reference
Session::put('ticket', $ticket_information);
Log::info('Successfully logged in!');
//Find out if we have anything to process...
list($total, $lefToProcess) = QuickbooksData::findIfAnythingNeedsToBeDone();
Log::info($total);
//Check to see if there is anything to process in the database, if there is than we
// return '' otherwise we need to return 'none'
$somethingToDo = '';
if ($total <= 0)
$somethingToDo = 'none';
}
$result = array($ticket_information, $somethingToDo, '', '');
return (object) array('authenticateResult' => $result);
}
Спасибо за любую помощь!
1 ответ
Я закончил использовать нативные сессии PHP вместо использования Laravel для обработки, и все, казалось, работало правильно.