使用 Yii1 的 CSRF 令牌到 Yii2 中。

huangapple go评论71阅读模式
英文:

Use Yii1 CSRF Token into Yii2

问题

我正在逐渐将Yii1应用程序迁移到Yii2。在整个项目迁移之前,Yii1和Yii2应该一起工作。为了做到这一点,我已经下载了Yii基本应用程序并将其放在根目录下。然后在Yii1/protected/config/main.php中进行了更改,以在Yii1和Yii2之间共享会话。

'components' => array(
    'session' => array(
        'class' => 'CDbHttpSession',
        'sessionTableName' => 'session',
    ),
    'user' => array(
        'allowAutoLogin' => true,
        'authTimeout' => 3600 * 24 * 30,
        'stateKeyPrefix' => ''
    ),
)

在上述更改之后,Yii1和Yii2共享相同的会话。

目前用户通过Yii1登录。那么我如何将Yii1的CSRF传递给Yii2?以便两个应用程序使用相同的CSRF令牌。目前,当Yii2生成CSRF时,Yii1的CSRF变得无效。

我想要的是将Yii1的CSRF设置到会话中,然后在Yii2中使用会话中的值生成CSRF。但不确定如何在Yii2中实现这一点。

我已经在Yii 2的全局控制器中尝试了以下方法。

Yii::$app->getSession()->set(Yii::$app->request->csrfParam, $_SESSION['csrf_token_value']);

这样我就可以在Yii2中使用Yii1的CSRF了,但不确定如何在Yii2中使用它。

英文:

I am trying to migrate Yii1 application into Yii2 gradually. Until the whole project migrates Yii1 & Yii2 should work together. To do that what i have done is downloaded the Yii Basic and places it on root directory. Then made changes in Yii1/protected/config/main.php to share session between Yii1 & Yii2.

components => array(
	'session' => array(
		'class' => 'CDbHttpSession',
		'sessionTableName' => 'session',
	),
	'user' => array(
		'allowAutoLogin' => true,
		'authTimeout' => 3600 * 24 * 30,
		'stateKeyPrefix' => ''
	),
)

After above change Yii1 & Yii2 shares the same session.

As of now user login through Yii1. So how can i pass the Yii1's CSRF into Yii2? So both application works with the same CSRF token. As of When ever yii2 generates the CSRF, yii1's CSRF got invalid

What i am thing is set Yii1's CSRF into Session and then in Yii2 generates the CSRF using the value from session. But not sure how to achieve that in Yii2?

I have tried below in my global controller in Yii 2.

Yii::$app->getSession()->set(Yii::$app->request->csrfParam,$_SESSION['csrf_token_value']);

So i will have Yii 1's CSRF into Yii2 But not sure how to use that in Yii 2.

答案1

得分: 0

我已通过更改Yii2应用程序的CSRF参数名称来解决此问题。

即:

'request' => [
'cookieValidationKey' => 'XXXXXXXXXXXXXXXXX',
'enableCsrfValidation' => true,
'csrfParam' => 'yii2_csrf'
],

英文:

i have resolved it by changing the CSRF Param name for Yii2 application and it resolved the issue.

i.e.

'request' => [
        'cookieValidationKey' => 'XXXXXXXXXXXXXXXXX',
        'enableCsrfValidation' => true,
        'csrfParam' => 'yii2_csrf'
    ],

huangapple
  • 本文由 发表于 2020年1月6日 21:29:55
  • 转载请务必保留本文链接:https://go.coder-hub.com/59613015.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定