search

Home  >  Q&A  >  body text

php - How does laravel load balancing implement csrf defense?

Laravel enables csrf by default, using csrf_token() to generate a random string and save it in the browser and session file. Then find the corresponding session file based on the cookie returned by the browser, and obtain the token for comparison.
But the problem is that if you use load balancing and configure several servers, you cannot obtain the token for verification through the session file saved on the server. Multiple servers correspond to one website. How to use laravel's csrf defense? Is it possible to set it up? Session file sharing to solve this problem? If so, how to set it up on nginx?

phpcn_u1582phpcn_u15822776 days ago1009

reply all(2)I'll reply

  • 黄舟

    黄舟2017-06-05 11:11:22

    The session is stored in the database and can be shared after being stored in the database

    reply
    0
  • 为情所困

    为情所困2017-06-05 11:11:22

    This has nothing to do with nginx, what you need is to modify the Session Driver

    
        /*
        |--------------------------------------------------------------------------
        | Default Session Driver
        |--------------------------------------------------------------------------
        |
        | This option controls the default session "driver" that will be used on
        | requests. By default, we will use the lightweight native driver but
        | you may specify any of the other wonderful drivers provided here.
        |
        | Supported: "file", "cookie", "database", "apc",
        |            "memcached", "redis", "array"
        |
        */
    
        'driver' => env('SESSION_DRIVER', 'file');

    reply
    0
  • Cancelreply