A question about Session in the Laravel framework

In the Laravel 8.x framework:

     'api'       => [
            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            'throttle:global',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\Session\Middleware\AuthenticateSession::class,

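Every time I request an endpoint in this route group, why is a serialized _token stored in the session each time?
The session driver is redis, but why does the stored key use the CACHE_PREFIX cache prefix?

The stored data looks like this: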

a:3:{s:6:"_token";s:40:"8eJbSWEsdsads2IR1sr55yBdvpSQuMIvTFuZze";s:9:"_previous";a:1:{s:3:"url";s:57:"http://www.xxxx.com/get?page=1&per_page=20";}s:6:"_flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}
Number of discussions: 4

The session is configured with the redis driver, but why does the stored key use the cache prefix?

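10 months ago · Comment
  1. For the _token question, see CSRF Protection in the "Laravel 10 Chinese Documentation".
  2. When the session uses the redis driver, judging from the source code it is actually CacheRedisStore; the config file explains this.
// Config file: config/session.php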

/*
|--------------------------------------------------------------------------
| Session Cache Store
|--------------------------------------------------------------------------
|
| While using one of the framework's cache driven session backends you may
| list a cache store that should be used for these sessions. This value
| must match with one of the application's configured cache "stores".
|
| Affects: "apc", "dynamodb", "memcached", "redis"
|
*/

'store' => env('SESSION_STORE'),
// vendor/laravel/framework/src/Illuminate/Session/SessionManager.php

/**
 * Create an instance of the Redis session driver.
 *
 * @return \Illuminate\Session\Store
 */
protected function createRedisDriver()
{
    $handler = $this->createCacheHandler('redis');

    $handler->getCache()->getStore()->setConnection(
        $this->config->get('session.connection')
    );

    return $this->buildSession($handler);
}
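10 months ago · Comment
CodeUndefined (original poster) 10 months ago

Question solved! By reading the Laravel framework source, I found that the StartSession middleware stores the session for every request that passes through the middleware. The method is as follows: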

/**
     * Handle the given request within session state.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Illuminate\Contracts\Session\Session  $session
     * @param  \Closure  $next
     * @return mixed
     */
    protected function handleStatefulRequest(Request $request, $session, Closure $next)
    {
        // If a session driver has been configured, we will need to start the session here
        // so that the data is ready for an application. Note that the Laravel sessions
        // do not make use of PHP "native" sessions in any way since they are crappy.
        $request->setLaravelSession(
            $this->startSession($request, $session)
        );

        $this->collectGarbage($session);

        $response = $next($request);

        $this->storeCurrentUrl($request, $session);

        $this->addCookieToResponse($response, $session);

        // Again, if the session has been configured we will need to close out the session
        // so that the attributes may be persisted to some storage medium. We will also
        // add the session identifier cookie to the application response headers now.
        $this->saveSession($request);

        return $response;
    }

This explains why a _token value is stored in the session on every request. As for why it reads the cache prefix, that happens in another step.

/**
     * Create a new session middleware.
     *
     * @param  \Illuminate\Session\SessionManager  $manager
     * @param  callable|null  $cacheFactoryResolver
     * @return void
     */
    public function __construct(SessionManager $manager, callable $cacheFactoryResolver = null)
    {
        $this->manager = $manager;
        $this->cacheFactoryResolver = $cacheFactoryResolver;
    }

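Specifically, this SessionManager class creates different cache drivers depending on the configuration. As for why it calls the default cache driver, I am still looking into it.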

10 months ago · Comment
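
Added example (not part of the thread and not Laravel's own code): a simplified PHP model of the resolution discussed above, showing why the session's Redis key takes the cache prefix when `session.store` is unset and how a dedicated cache store changes it. The store name `session`, the prefixes and the session id are constructed; the per-store `prefix` key and the fallback to the `default` connection are assumptions about the framework's cache and Redis configuration.

```php
<?php
// Simplified model (added example, not framework code) of how the "redis"
// session driver ends up with a Redis key built from the cache prefix.
// All config values below are constructed samples.

function sessionRedisTarget(array $config, string $sessionId): array
{
    // createCacheHandler('redis'): use session.store if set, else the driver name.
    $storeName = $config['session']['store'] ?: 'redis';
    $store     = $config['cache']['stores'][$storeName];

    // Assumption: a store-level prefix wins; otherwise the global cache.prefix
    // (CACHE_PREFIX) applies. The Redis cache store appends ':' to it.
    $prefix = $store['prefix'] ?? $config['cache']['prefix'];
    $prefix = $prefix !== '' ? $prefix . ':' : '';

    // createRedisDriver() then overrides the connection with session.connection.
    // Assumption: null falls through to the "default" Redis connection.
    $connection = $config['session']['connection'] ?? 'default';

    return [
        'store'      => $storeName,
        'connection' => $connection,
        // A client-level Redis prefix, if configured, is prepended on top (not modelled).
        'key'        => $prefix . $sessionId,
    ];
}

// Case 1: SESSION_STORE unset, as in the question.
$base = [
    'session' => ['driver' => 'redis', 'store' => null, 'connection' => null],
    'cache'   => [
        'prefix' => 'myapp_cache',
        'stores' => ['redis' => ['driver' => 'redis', 'connection' => 'cache']],
    ],
];

// Case 2: a dedicated cache store gives sessions their own prefix and connection.
$dedicated = $base;
$dedicated['session']['store'] = 'session';
$dedicated['session']['connection'] = 'session';
$dedicated['cache']['stores']['session'] = ['driver' => 'redis', 'prefix' => 'myapp_session'];

$sid = 'SAMPLE_SESSION_ID'; // constructed placeholder
foreach (['default' => $base, 'dedicated' => $dedicated] as $label => $cfg) {
    printf("%-9s %s\n", $label, json_encode(sessionRedisTarget($cfg, $sid)));
}
```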
