Any recent changes to IE session cookies?

Posted on 2024-07-25 13:30:55

I have a PHP site that uses a fairly common authentication scheme.

  • The entire login area requires ssl.
  • A user enters their username and pw, if they match the db, a session is started and a value set for them.
  • If they try to visit a page that requires authentication, it checks to see if that value is present in the session, and forwards them to the login page if it isn't.

We always get a few people that have trouble logging in because they aren't set to use session cookies, or they have problems with the cache storing the forward page, etc.

Lately, however, we have had a lot of people with IE who can't log in. Fixing their session cookie settings and clearing the cache don't help, but they can log in if they use firefox/opera on the same computer. I'm pretty sure it's a problem with IE, and not anything in between.

Does anyone know of any recent changes to IE 7 that would affect session cookies?

Update:

I did recently implement a session_regenerate_id() call immediately after login, as there are now some circumstances where a user may have an existing session that will be used, but that was quite some time ago.

Comments (3)

去了角落 2024-08-01 13:30:55

My first step would be to find a user who can log in with Firefox and not IE, and then run Fiddler against both to see the differences in the HTTP request/response pairs for the login process. That should, at least, give you a better idea of where to look.

全部不再 2024-08-01 13:30:55

If IE's security settings are cranked up (which is common especially in corporate environments), or if the page that you're logging in to is in a frame or iframe, that could be what's keeping the cookie from saving. All you need to do is set P3P policy HTTP headers if that's the case. Here's the best description that I could find on how to implement them.

客…行舟 2024-08-01 13:30:55

I haven't heard anything. Though, this is precisely why I switched to using cookieless sessions on all my public projects. I believe ASP.Net has this built in but I prefer to use my own implementations. Passing querystring sessionid parameters from page to page and either tying it to a DB record or some other data store is far more reliable.
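
The login flow described in the question (SSL-only login, a session value set on success, `session_regenerate_id()` right after login, a check on protected pages), as an added example that is not the asker's code. The function names, the `/login.php` URL and the use of `password_hash()`-style stored hashes are assumptions, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example: hypothetical helpers sketching the flow from the question.

function start_secure_session(): void
{
    // Accept session IDs from cookies only, never from the URL, so an ID
    // cannot leak through links, logs or Referer headers.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie: dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // login area is SSL-only; never send over plain HTTP
        'httponly' => true,   // not readable from page script
    ]);
    session_start();
}

// $stored_hash is the password_hash() value looked up for $username
// (database lookup not shown; null means no such user).
function login(string $username, string $password, ?string $stored_hash): bool
{
    if ($stored_hash === null || !password_verify($password, $stored_hash)) {
        return false;
    }
    // Issue a new ID at the privilege change. Passing true deletes the old
    // session's data, so an ID that existed before login cannot be reused.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    return true;
}

// Call at the top of every page that requires authentication.
function require_login(): void
{
    if (!isset($_SESSION['user'])) {
        header('Location: /login.php', true, 302); // assumed login URL
        exit;
    }
}
```

When comparing browsers in a proxy trace, the response to the login POST should carry exactly one `Set-Cookie` for the session name, with the regenerated ID and the same path and flags as the original cookie.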
