Laravel enables csrf by default, using csrf_token() to generate a random string and save it in the browser and session file. Then find the corresponding session file based on the cookie returned by the browser, and obtain the token for comparison.
But the problem is that if you use load balancing and configure several servers, you cannot obtain the token for verification through the session file saved on the server. Multiple servers correspond to one website. How to use laravel's csrf defense? Is it possible to set it up? Session file sharing to solve this problem? If so, how to set it up on nginx?
2
0
0
The session is stored in the database and can be shared after being stored in the database
This has nothing to do with nginx, what you need is to modify the Session Driver
/*
|--------------------------------------------------------------------------
| Default Session Driver
|--------------------------------------------------------------------------
|
| This option controls the default session "driver" that will be used on
| requests. By default, we will use the lightweight native driver but
| you may specify any of the other wonderful drivers provided here.
|
| Supported: "file", "cookie", "database", "apc",
| "memcached", "redis", "array"
|
*/
'driver' => env('SESSION_DRIVER', 'file');
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
