The csrf token is overwritten. Where to dig?

F

fStrange2019-09-25 01:46:46

Laravel

fStrange, 2019-09-25 01:46:46

Standard login form.
{{ csrf_field() }} in the view. Each time a new one when the page is reloaded.
Session::getId() is also new.
It is clear that because of this authorization does not work.
Changed session storage. From files to db. Sessions are created. Both in the file storage and in the database. Those. The problem is not write permissions.
added:
test.php

<?php 

session_start();
$_SESSION['a']  = $_SESSION['a']+1;

echo  $_SESSION['a'];

works in the browser as expected. Those. the value of $_SESSION['a'] is incremented on reboot. Those. in pure php sessions work.
In Laravel

Route::get('sesstest', function() {

    $v = session('a1');
    session(['a1' => $v+1]);
    dd(session()->all());
});

the conclusion is always the same. The value of token changes.

array:2 [▼
  "_token" => "sUl6aW71By6zBlU9VjsDipK6PqZUa3BYcPb46rbg"
  "a1" => 1
]

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

J

JhaoDa, 2019-09-25
@JhaoDa

For example, look at the session cookie. Does it exist, with what properties, does the browser accept it, does it give it back.