
密码重置后,如果之前用户是点击了记住功能,且是永久记住,那不是密码改了 还是可以直接进入?

《L03 构架 API 服务器》
你将学到如 RESTFul 设计风格、PostMan 的使用、OAuth 流程,JWT 概念及使用 和 API 开发相关的进阶知识。
《L02 从零构建论坛系统》
以构建论坛项目 LaraBBS 为线索,展开对 Laravel 框架的全面学习。应用程序架构思路贴近 Laravel 框架的设计哲学。
讨论数量: 1


Route::post('password/reset', 'Auth\ResetPasswordController@reset')->name('password.update');
这个路由的 reset 方法可以看下,在

src/vendor/laravel/framework/src/Illuminate/Foundation/Auth/ResetsPasswords.php 中

     * Reset the given user's password.
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
    public function reset(Request $request)
        $this->validate($request, $this->rules(), $this->validationErrorMessages());

        // Here we will attempt to reset the user's password. If it is successful we
        // will update the password on an actual user model and persist it to the
        // database. Otherwise we will parse the error and return the response.
        $response = $this->broker()->reset(
            $this->credentials($request), function ($user, $password) {
                $this->resetPassword($user, $password);

        // If the password was successfully reset, we will redirect the user back to
        // the application's home authenticated view. If there is an error we can
        // redirect them back to where they came from with their error message.
        return $response == Password::PASSWORD_RESET
                    ? $this->sendResetResponse($response)
                    : $this->sendResetFailedResponse($request, $response);

里面调用了 resetPassword 方法

     * Reset the given user's password.
     * @param  \Illuminate\Contracts\Auth\CanResetPassword  $user
     * @param  string  $password
     * @return void
    protected function resetPassword($user, $password)
        $user->password = Hash::make($password);



        event(new PasswordReset($user));


这里是重置了 remember_token 字段,再重新登陆的

所以即使点击了记住功能,重置密码后 remember_token 也是不一样的了.

5年前 评论
