CakePHP 3.6更新后的无限登录循环

Question

在我的应用程序中，基于CakePHP，我正在使用。 当我使用URL / manager / login（对应于LoginController，Managerr前缀）登录时，一切正常。

当我退出或使用/ manager时，结果如下：

/manager/login?redirect=%2Fmanager%2Flogin%3Fredirect%3D%252Fmanager%252Flogin%253Fredirect%253D%25252Fmanager%25252Flogin%25253Fredirect%25253D%2525252Fmanager%2525252Flogin%2525253Fredirect%2525253D%252525252Fmanager%252525252Flogin%252525253Fredirect%252525253D%25252525252Fmanager%25252525252Flogin%25252525253Fredirect%25252525253D%2525252525252Fmanager%2525252525252Flogin%2525252525253Fredirect%2525252525253D%252525252525252Fmanager%252525252525252Flogin%252525252525253Fredirect%252525252525253D%25252525252525252Fmanager%25252525252525252Flogin%25252525252525253Fredirect%25252525252525253D%2525252525252525252Fmanager%2525252525252525252Flogin%2525252525252525253Fredirect%2525252525252525253D%252525252525252525252Fmanager%252525252525252525252Flogin%252525252525252525253Fredirect%252525252525252525253D%25252525252525252525252Fmanager%25252525252525252525252Flogin%25252525252525252525253Fredirect%25252525252525252525253D%2525252525252525252525252Fmanager%2525252525252525252525252Flogin%2525252525252525252525253Fredirect%2525252525252525252525253D%252525252525252525252525252Fmanager%252525252525252525252525252Flogin%252525252525252525252525253Fredirect%252525252525252525252525253D%25252525252525252525252525252Fmanager%25252525252525252525252525252Flogin%25252525252525252525252525253Fredirect%25252525252525252525252525253D%2525252525252525252525252525252Fmanager%2525252525252525252525252525252Flogin%2525252525252525252525252525253Fredirect%2525252525252525252525252525253D%252525252525252525252525252525252Fmanager%252525252525252525252525252525252Flogin%252525252525252525252525252525253Fredirect%252525252525252525252525252525253D%25252525252525252525252525252525252Fmanager%25252525252525252525252525252525252Flogin%25252525252525252525252525252525253Fredirect%25252525252525252525252525252525253D%2525252525252525252525252525252525252Fmanager%2525252525252525252525252525252525252Flogin%2525252525252525252525252525252525253Fredirect%2525252525252525252525252525252525253D%252525252525252525252525252525252525252Fmanager%252525252525252525252525252525252525252Fprofile

查询字符串中的无限循环，服务器返回404.15错误。

3.5

中使用的相同配置

$this->loadComponent('Auth', [
            'fields' => [
                'username' => 'email',
                'password' => 'password'
            ],
            'loginAction' => [
                'prefix' => 'manager',
                'controller' => 'Login',
                'action' => 'index',
                'plugin' => false
            ],
            'loginRedirect' => [
                'prefix' => 'manager',
                'controller' => 'Managers',
                'action' => 'index',
                'plugin' => false
            ],
            'logoutRedirect' => [
                'prefix' => 'manager',
                'controller' => 'Login',
                'action' => 'index',
                'plugin' => false
            ],
            'authenticate' => [
                'Form' => [
                    'passwordHasher' => [
                        'className' => 'DressFinder'
                    ],
                    'fields' => [
                        'username' => 'email',
                        'password' => 'password'
                    ],
                    'userModel' => 'Managers'
                ]
            ],
            'authError' => __('You are not authorized to access that location.'),
            'storage' => [
                'className' => 'Session',
                'key' => 'Auth.Managers'
            ]
        ]);

没有路由被更改，并且在没有前缀的控制器中，登录/ logut操作有效。

感谢您的帮助。

Answer 1

这是一个错误，身份验证组件将登录操作与当前URL（包括查询字符串参数）进行比较，这会导致不匹配，将用户视为未经身份验证，从而触发重定向到登录操作，其中相同的过程则再次开始。

这将在3.6.1中修复，如果您不能等待，请手动应用补丁，直到新版本可用。

见

• 的 https://github.com/cakephp/cakephp/issues/11943
• 的 https://github.com/cakephp/cakephp/pull/11949

Answer 2

这可能不是答案，我没有足够的声望来添加评论！ 您可以尝试将这些代码添加到TreeItem<String> rootItem = new TreeItem<String>("Site Equipment"); try (Statement st = conn.createStatement()) { ResultSet rs = st.executeQuery("SELECT siteDesignation, equipment, clID FROM Customer_EquipTree ORDER BY siteDesignation, equipment"); String currentSite = null; String currentEquipment = null; TreeItem<Sting> tiSite = null; TreeItem<String> tiEquipment = null; while (rs.next()) { String site = rs.getString(1); String equipment = rs.getString(2); String id = rs.getString(3); if (!site.equals(currentSite)) { currentSite = site; tiSite = new TreeItem<>(site); rootItem.getChildren().add(tiSite); currentEquipment = null; // equipment needs to be replaced too } if (!equipment.equals(currentEquipment)) { currentEquipment = equipment; tiEquipment = new TreeItem<>(equipment); tiSite.getChildren().add(tiEquipment); } tiEquipment.getChildren().add(new TreeItem<>(id)); } }     

routes.php

Answer 3

似乎默认情况下重定向不起作用。 在initialize中向AppController方法添加/调整以下内容应该可以正常工作。

$this->loadComponent('RequestHandler', [ 'enableBeforeRedirect' => false ]);