本文是小编为大家收集整理的关于Symfony。认证请求失败。无效的CSRF令牌的处理/解决方法,可以参考本文帮助大家快速定位并解决问题,中文翻译不准确的可切换到English标签页查看源文。
问题描述
我在登录Symfony2应用程序时遇到以下错误:
[2014-06-27 00:36:22] Security.info:身份验证请求失败:无效的CSRF令牌. [] []
运行:
- Symfony2
- sonatauserbundle
- vagrant(通过puphpet.com使用木偶)
- Safari/OSX
相同的设置在Ubuntu主机系统上工作.
感谢您的任何帮助.
security.yml:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
secured_area:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: fos_user_security_login
check_path: fos_user_security_check
logout:
invalidate_session : false
path: fos_user_security_logout
anonymous: true
switch_user: true
应用程序/sonata/userBundle/resources/views/security/login.html.twig
{% extends "FOSUserBundle::layout.html.twig" %}
{% trans_default_domain 'FOSUserBundle' %}
{% block fos_user_content %}
{% if error %}
<div class="alert alert-danger">
<button type="button" class="close" data-dismiss="alert">×</button>
{{ error|trans }}
</div>
{% endif %}
<form class="form-horizontal" action="{{ path("fos_user_security_check") }}" method="post">
<fieldset>
<legend>Login</legend>
<input type="hidden" name="_csrf_token" value="{{ csrf_token }}" />
<div class="form-group">
<label class="col-lg-2 control-label required" for="username">{{ 'security.login.username'|trans }}</label>
<div class="col-lg-5">
<input type="text" id="username" name="_username" placeholder="Username" value="{{ last_username }}" required="required" class="form-control" />
</div>
</div>
<div class="form-group">
<label class="col-lg-2 control-label required" for="password">{{ 'security.login.password'|trans }}</label>
<div class="col-lg-5">
<input type="password" id="password" name="_password" placeholder="Password" required="required" class="form-control" />
</div>
</div>
<div class="form-group">
<div class="col-lg-offset-2 col-lg-5">
<input type="checkbox" id="remember_me" name="_remember_me" value="on" />
<label for="remember_me">{{ 'security.login.remember_me'|trans }}</label>
</div>
</div>
<div class="form-group">
<div class="col-lg-offset-2 col-lg-5">
<a href="{{ path("fos_user_resetting_request") }}">{{ 'resetting.request.submit'|trans }}</a>
<input type="submit" id="_submit" name="_submit" value="{{ 'security.login.submit'|trans }}" class="btn btn-primary form-control" />
</div>
</div>
</fieldset>
</form>
{% endblock fos_user_content %}
fosuserbundle和sonatauserbundle的其他任何东西都使用
推荐答案
我现在可以解决我的问题.在会话保存路径上写入权限似乎是一个问题.如果我更改配置以使用默认会话保存路径如下:
# app/config/config.yml
framework:
session:
save_path: null
然后使用/var/lib/php/session而不是/var/www/myproject/app/cache/dev/sessions
/var/www/crowdcustoms/app/cache/dev/sessions上的权限:
drwxr-xr-x 4 501 dialout 136 Jun 29 20:37 sessions/
/var/lib/php/session
上的权限drwxrwxr-x 2 www-data www-data 4096 Jun 29 20:36 session
其他推荐答案
您忘记了上下文,csrf_token('authentication')应该执行技巧!
ref:安全/csrf_in_login_form.html
问题描述
I am getting the following error on logging in to a Symfony2 application:
[2014-06-27 00:36:22] security.INFO: Authentication request failed: Invalid CSRF token. [] []
Running on:
- Symfony2
- SonataUserBundle
- Vagrant (using puppet via Puphpet.com)
- Safari/OSX
Same setting is Working on an Ubuntu host system.
Thanks for any help.
security.yml:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
secured_area:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: fos_user_security_login
check_path: fos_user_security_check
logout:
invalidate_session : false
path: fos_user_security_logout
anonymous: true
switch_user: true
Application/Sonata/UserBundle/Resources/views/Security/login.html.twig
{% extends "FOSUserBundle::layout.html.twig" %}
{% trans_default_domain 'FOSUserBundle' %}
{% block fos_user_content %}
{% if error %}
<div class="alert alert-danger">
<button type="button" class="close" data-dismiss="alert">×</button>
{{ error|trans }}
</div>
{% endif %}
<form class="form-horizontal" action="{{ path("fos_user_security_check") }}" method="post">
<fieldset>
<legend>Login</legend>
<input type="hidden" name="_csrf_token" value="{{ csrf_token }}" />
<div class="form-group">
<label class="col-lg-2 control-label required" for="username">{{ 'security.login.username'|trans }}</label>
<div class="col-lg-5">
<input type="text" id="username" name="_username" placeholder="Username" value="{{ last_username }}" required="required" class="form-control" />
</div>
</div>
<div class="form-group">
<label class="col-lg-2 control-label required" for="password">{{ 'security.login.password'|trans }}</label>
<div class="col-lg-5">
<input type="password" id="password" name="_password" placeholder="Password" required="required" class="form-control" />
</div>
</div>
<div class="form-group">
<div class="col-lg-offset-2 col-lg-5">
<input type="checkbox" id="remember_me" name="_remember_me" value="on" />
<label for="remember_me">{{ 'security.login.remember_me'|trans }}</label>
</div>
</div>
<div class="form-group">
<div class="col-lg-offset-2 col-lg-5">
<a href="{{ path("fos_user_resetting_request") }}">{{ 'resetting.request.submit'|trans }}</a>
<input type="submit" id="_submit" name="_submit" value="{{ 'security.login.submit'|trans }}" class="btn btn-primary form-control" />
</div>
</div>
</fieldset>
</form>
{% endblock fos_user_content %}
Anything else is used of the FOSUserBundle and SonataUserBundle
推荐答案
I could solve my problem now. It seems to be a problem with write permissions on the session save path. If I change the configuration to use the default session save path as following:
# app/config/config.yml
framework:
session:
save_path: null
Then /var/lib/php/session is used instead of /var/www/myproject/app/cache/dev/sessions
The permissions on /var/www/crowdcustoms/app/cache/dev/sessions:
drwxr-xr-x 4 501 dialout 136 Jun 29 20:37 sessions/
The permissions on /var/lib/php/session
drwxrwxr-x 2 www-data www-data 4096 Jun 29 20:36 session
其他推荐答案
You forgot the context, csrf_token('authentication') should do the trick!
Ref: http://symfony.com/doc/current/cookbook/security/csrf_in_login_form.html
更多相关问答
联系站长