Logging out with HTTP Basic Auth in Laravel

Posted 2019-02-17 01:40

I have one user class which consists of two types of users and want to allow different users to go to different pages.

I have created a filter as follows

Route::filter('isExpert', function()
{
    $userIsExpert = 0;
    $userIsLoggedIn = Auth::check();
    if ($userIsLoggedIn && Auth::user()->role == 'expert') {
        $userIsExpert = 1;
    }

    Log::info('Logged in: ' . $userIsLoggedIn . ' && Expert: ' . $userIsExpert);
    if ($userIsExpert == 0)
    {
        Log::info('should be logging out now.');
        Auth::logout();
        return Auth::basic();
    }
});

And routing like so

Route::get('/winners', array('before' => 'isExpert', function()
{
    $winners = DB::select('select * from winners');
    return View::make('winners.index')->with('winners',$winners);
}));

The thought is this: If it's not an expert, it will log out and redirect to the login page. If it is, it will simply continue. However, Auth::logout(); doesn't ever log out the user.

Question

Why isn't Auth::logout() working? I've tried placing it anywhere in the app to no avail.

cheers

4 Answers
ら.Afraid
#2 · 2019-02-17 02:21

If you implemented these methods in User.php

/**
 * Get the e-mail address where password reminders are sent.
 *
 * @return string
 */
public function getReminderEmail()
{
    return $this->email;
}

public function getRememberToken()
{
    return $this->remember_token;
}

public function setRememberToken($value)
{
    $this->remember_token = $value;
}
public function getRememberTokenName()
{
    return 'remember_token';
}

add a new column named 'remember_token' to your 'users' table in the MySQL database, and then log out; that finally solved it. To alter your table, use this SQL command:

ALTER TABLE users ADD remember_token TEXT;

and then press 'Go' button.

淡お忘
#3 · 2019-02-17 02:34

I had the same problem, I really couldn't logout the current user... And the answer is simple: Laravel doesn't support logout() with Auth::basic().

There are ways to fix it, but it's not very clean; https://www.google.nl/search?q=logout+basic

冷血范
#4 · 2019-02-17 02:37

This is not a limitation to Laravel, HTTP Basic Authorization is not designed to handle logging out. The client will remain logged in until the browser is closed.

HTTP Basic Authorization really shouldn't be used in any public production environment. Here are some reasons why:

  • No way to give users a "remember me"-option on the login form.
  • Password managers have no or lacking support for HTTP Basic Auth, as it is not rendered HTML but a native popup.
  • Terrible user experience. Putting together a proper login form is well worth the little time it takes.

The only valid case I can think of is to protect public development-subdomains like dev.example.com, but there are better ways to solve that as well.

叛逆
#5 · 2019-02-17 02:37

The easiest way that I've found for that is to redirect to an invalid username/password on the logout route. Example:

Route::get('admin/logout', function() {
    return Redirect::to(preg_replace("/:\/\//", "://log-me-out:fake-pwd@", url('admin/logout')));
});
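
The behaviour the answers describe, as an added example that is not code from the thread or from Laravel: a plain-PHP simulation of a server that authenticates from the Authorization header on every request, showing that clearing server-side state does not end a Basic Auth login. The users, the `handle()` and `basicUser()` helpers, and the choice to answer a wrong role with 403 rather than a logout are assumptions of this example.

```php
<?php
// Constructed users for the simulation; names, passwords and roles are made up.
$users = [
    'alice' => ['hash' => password_hash('alice-pw', PASSWORD_DEFAULT), 'role' => 'expert'],
    'bob'   => ['hash' => password_hash('bob-pw', PASSWORD_DEFAULT), 'role' => 'member'],
];

// Parse "Basic base64(user:pass)" and return the verified user name, or null.
function basicUser(?string $header, array $users): ?string
{
    if ($header === null || stripos($header, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(substr($header, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    [$name, $pass] = explode(':', $decoded, 2);
    $ok = isset($users[$name]) && password_verify($pass, $users[$name]['hash']);
    return $ok ? $name : null;
}

// Handle one request and return the HTTP status (hypothetical helper).
// $session stands in for the server-side login state that logout can clear.
function handle(string $path, ?string $auth, array &$session, array $users): int
{
    if ($path === '/logout') {
        $session = [];
        return 200;
    }
    $name = $session['user'] ?? basicUser($auth, $users);
    if ($name === null) {
        return 401; // the browser answers this with its credential prompt
    }
    $session['user'] = $name; // a valid header alone re-creates the login
    return $users[$name]['role'] === 'expert' ? 200 : 403;
}

$session = [];
$bob = 'Basic ' . base64_encode('bob:bob-pw'); // what the browser caches and re-sends
$steps = [
    ['/winners', $bob],  // logged-in non-expert asks for the expert page
    ['/logout', $bob],   // server-side state is cleared
    ['/winners', null],  // same session, but no Authorization header
    ['/winners', $bob],  // the browser's normal next request, header attached
];
foreach ($steps as [$path, $auth]) {
    echo str_pad($path, 10), handle($path, $auth, $session, $users), PHP_EOL;
}
```

The last two steps differ only in the header: without it the request is rejected, and with it bob is authenticated again, so clearing the session alone cannot log a Basic Auth user out.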