php - laravel 负载均衡如何实现csrf防御?

Question

laravel默认开启csrf,使用的是csrf_token()生成一个随机字符串保存在浏览器和session文件中.然后根据浏览器返回的cookie来找到对应的session文件,获取其中的token进行对比.但是问题是如果使用负载均衡,配置几台服...

黄舟 · Answer

session入库，入库后就能共享了

为情所困 · Answer

这和 nginx 没有什么关系, 你需要的是修改 Session Driver


    /*
    |--------------------------------------------------------------------------
    | Default Session Driver
    |--------------------------------------------------------------------------
    |
    | This option controls the default session "driver" that will be used on
    | requests. By default, we will use the lightweight native driver but
    | you may specify any of the other wonderful drivers provided here.
    |
    | Supported: "file", "cookie", "database", "apc",
    |            "memcached", "redis", "array"
    |
    */

    'driver' => env('SESSION_DRIVER', 'file');