Login once, logged in everywhere. 在一处登录后，所有设备均显示已登录。

[moycat]

1. Tell us your software version

   Software	Version
   PHP	7.2.12
   Swoole	4.2.10-alpha
   Laravel/Lumen	5.7.*

2. Detail description about this issue(error/log)

   使用 Laravel 内置的用户系统时，只要在一处登录，在其他任何地方访问均显示我已登录，清空 Cookies 也无效。

   我已经按照 这里为什么注释掉了. 我打开注释登录用户才算正常? 有坑吗? #99、 使用 jwt 时，auth 获取当前登录用户有问题。 #50 中的描述设置了 config/laravels.php 中的「register_providers」，但是并没有用。按照前一个 issue 提出者所说将 cleanRequest 函数里那两行取消注释，还是这样。

   这个 bug 并不稳定，不能 100% 复现。但它的确存在，用一个从未访问过此网站的手机打开也可能触发。

   我觉得就是那两个 issue 中的相关问题，但我想知道如何修复。

   When I use the built-in user system of Laravel, if I login once, the site shows I am logged in everywhere, even after I cleaned my cookies.

   I have set the "register_providers" in config/laravels.php to the following as mentioned in 这里为什么注释掉了. 我打开注释登录用户才算正常? 有坑吗? #99 and 使用 jwt 时，auth 获取当前登录用户有问题。 #50, but it did no good. Neither did uncommenting the two lines in the cleanRequest function.

   This bug isn't consistent, but it does exists. I have ever used a phone that never visited the site to browse it, and it said I was logged in.

   I think the bug is related to the two issues above. I want to know how to fix it.

   config/laravels.php:

return [
    //......
    'register_providers'       => [
        '\App\Providers\AuthServiceProvider',
        '\Illuminate\Auth\AuthServiceProvider',
        '\Illuminate\Auth\Passwords\PasswordResetServiceProvider',
    ],
    //......
];

请求头中没有 cookies，但还是显示已登录。

No cookies passed to server. Still shows logged in.

3. Give us a reproducible code block and steps

   创建一个最简单的应用：

   1. laravel new test，进入目录，用 composer 安装 laravel-s。
   2. php artisan laravels publish，修改 config/laravels.php。
   3. 使用 SQLite 数据库（只是简单起见，用 PostgreSQL 也一样），php artisan migrate。
   4. 打开 http://127.0.0.1:5200 注册并登录。
   5. 清除 Cookies / 关闭浏览器，再打开这个站点，依然显示已登录。

   Just create a most simplified application (also the steps to have this bug):

   1. laravel new test and cd into it, install laravel-s via composer.
   2. php artisan laravels publish and modify the config/laravels.php file.
   3. php artisan make:auth to enable the user system.
   4. Change the database to SQLite (just to simplify. using PostgreSQL doesn't help), and php artisan migrate.
   5. Open http://127.0.0.1:5200, register a user, login.
   6. Clean the cookies / close the browser / change the device, re-open the site. It shows you are still online.

[hhxsv5]

这是已知问题，guards被缓存在单例中了。下个版本会修复。

[ibrunotome]

Hi @hhxsv5, do you have an estimated date to release?

[hhxsv5]

@ibrunotome It has not been solved yet, a bit troublesome.

[ibrunotome]

@hhxsv5 in swooletw/laravel-swoole I was able to solve reseting the providers:

        Illuminate\Auth\AuthServiceProvider::class,
        Tymon\JWTAuth\Providers\LaravelServiceProvider::class,
        Illuminate\Pagination\PaginationServiceProvider::class,

But I can't replicate in your package.

[hhxsv5]

@ibrunotome The solution is much the same

Try the following methods：

• Re-register providers

# config/laravels.php
'register_providers'       => [
    App\Providers\AuthServiceProvider::class,
    //...
],

• Clear facade in event

Event::listen('laravels.received_request', function (\Illuminate\Http\Request $req, $app) {
     Facade::clearResolvedInstance('auth');
 });

[ibrunotome]

@hhxsv5 I tried this yesterday reading some other issues, no success too. Do you have plans to implement the go() method like this guy https://github.com/scil/LaravelFly too?

[hhxsv5]

@ibrunotome In the next few days, I will delve into this issue and try to give a solution.

• About coroutine, there are a large number of singletons and static properties in Laravel, they are unsafe in coroutine, so I want LaravelS to run in synchronous mode, not in coroutine mode.
• At the same time, smf will come out, a minimalist coroutine micro-framework.

[jianhuawang]

Both setps must be done will solve this problem.

Step1: Re-register providers : config/laravels.php
'register_providers' => [
Illuminate\Auth\AuthServiceProvider::class,
Illuminate\Broadcasting\BroadcastServiceProvider::class,
Illuminate\Bus\BusServiceProvider::class,
Illuminate\Cache\CacheServiceProvider::class,
Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
Illuminate\Cookie\CookieServiceProvider::class,
Illuminate\Database\DatabaseServiceProvider::class,
Illuminate\Encryption\EncryptionServiceProvider::class,
Illuminate\Filesystem\FilesystemServiceProvider::class,
Illuminate\Foundation\Providers\FoundationServiceProvider::class,
Illuminate\Hashing\HashServiceProvider::class,
Illuminate\Mail\MailServiceProvider::class,
Illuminate\Notifications\NotificationServiceProvider::class,
Illuminate\Pagination\PaginationServiceProvider::class,
Illuminate\Pipeline\PipelineServiceProvider::class,
Illuminate\Queue\QueueServiceProvider::class,
Illuminate\Redis\RedisServiceProvider::class,
Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
Illuminate\Session\SessionServiceProvider::class,
Illuminate\Translation\TranslationServiceProvider::class,
Illuminate\Validation\ValidationServiceProvider::class,
Illuminate\View\ViewServiceProvider::class,
App\Providers\AppServiceProvider::class,
App\Providers\AuthServiceProvider::class,
// App\Providers\BroadcastServiceProvider::class,
App\Providers\EventServiceProvider::class,
App\Providers\RouteServiceProvider::class,
],

Setp2: Clear facade in event (App\Providers\EventServiceProvider::class)
use Illuminate\Support\Facades\Facade;

Event::listen('laravels.received_request', function (\Illuminate\Http\Request $req, $app) {
Facade::clearResolvedInstance('auth');
});

try reregist almost all providers.

[star-xiong]

问题还是存在啊！

[jianhuawang]

问题还是存在啊！

刚开始的时候是可以的。过一段时间以后就有问题了，试试把所有providers都加近去吧。我正在测试

[star-xiong]

把所有providers都加进去，也不行。

[greenhat616]

=，= 所以修复版本会在何时发布呢？ 可以说这个 bug 将导致无法生产， 不是应该列入紧急修复列表么。 试问guard缓存的管理员权限被普通用户所使用， 就很可能可以窃取到管理员的信息（比如apiToken， 再比如邮箱， 订单管理， 甚至是金额调用）

[Yoruchiaki]

还是解决不了

[flymorn]

解决方法：
第一步：config/laravels.php

'register_providers' => [
        // 重载auth相关服务
        \Illuminate\Auth\AuthServiceProvider::class,
        \App\Providers\AuthServiceProvider::class,
        /*\Tymon\JWTAuth\Providers\LaravelServiceProvider::class,*/
    ]

第二步，建立全局中间件 EveryRequest.php

public function handle($request, Closure $next)
    {
        // swoole请求进来的时候删掉缓存
        if (PHP_SAPI == 'cli') {
            \Illuminate\Support\Facades\Facade::clearResolvedInstance('auth');// swoole下解决auth单例问题
        }

        return $next($request);
    }

以上2步缺一不可