IE7下有两个同名的cookie怎么办?
一些背景:
除了 PHPSESSID 之外,CakePHP 还写入它自己的会话 ID cookie。 这用于验证请求。 然后 SWFupload 发送一个文件和该令牌进行身份验证,并被选为新的用户代理 - 因此在 cakephp 中,您必须禁用“check-user-agent”安全功能。
在许多浏览器上这已经足够了。 IE7版本和SWF版本似乎与此错误没有关联。 在我们的例子中,IE7 存储/发送同一 cookie 的两个版本。 所以第一个问题是为什么? 如何?
进一步解释:
因为这些重复的 cookie 存储在标头字符串的开头和结尾,所以 PHP/Cake 接收一端(如果它是一个骗局),因此它“选择”一个,而我在 swfobject 中设置和发送的手动 cookie 是另一个曲奇饼。 我可以想到一些技巧来解决这个问题 - 但实际上我想知道这种情况首先是如何出现的。
CakePHP 似乎也不会在注销和登录时生成唯一的 CakeSession id,这可能是原因,解决方案可能是强制 cake 在任何地方使用 PHPSESSID,或者可能只是为了确保 swfupload 发送正确的 SESSID...
编辑一: CakePHP 发送的 cookie 标头是:
Set-Cookie: CAKEPHP=gqlpa88blmhmdsmv9e99ga16b3; expires=Thu, 13-Aug-2009 13:21:02 GMT; path=/
Set-Cookie: CAKEPHP=deleted; expires=Wed, 06-Aug-2008 13:21:01 GMT; path=/
Set-Cookie: CAKEPHP=ob5695trnspprlohiunrpqgkm0; expires=Thu, 13-Aug-2009 13:21:02 GMT; path=/
欢迎任何想法!
Some background:
CakePHP writes it's own session id cookie besides the PHPSESSID. This is used to authenticate a request. Then an SWFupload sends a file, and that token to authenticate, and is picked up as a new user agent - so in cakephp you must disable the "check-user-agent" security feature.
On many browsers this is enough. IE7 version and SWF version seem to have no corelation to this bug. In our case IE7 was storing/sending two versions of the same cookie. So the first question is why? How?
Further explanation:
Because these duplicate cookies are stored at the beginning and end of the header string, PHP/Cake receives the one end if it's a dupe so it "chooses" one, and the manual cookie I set and send in swfobject is the other cookie. I can think of a few hacks to fix this - but really I'd like to know how this condition could arise in the first place.
CakePHP also seems to not generate unique CakeSession ids on logout and login, which might be the cause, and the solution could be to force cake to use PHPSESSID everywhere, or it may be just to make sure that swfupload sends the correct SESSID...
Edit one:
The headers for cookies sent by CakePHP are:
Set-Cookie: CAKEPHP=gqlpa88blmhmdsmv9e99ga16b3; expires=Thu, 13-Aug-2009 13:21:02 GMT; path=/
Set-Cookie: CAKEPHP=deleted; expires=Wed, 06-Aug-2008 13:21:01 GMT; path=/
Set-Cookie: CAKEPHP=ob5695trnspprlohiunrpqgkm0; expires=Thu, 13-Aug-2009 13:21:02 GMT; path=/
Any ideas welcome!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果两个 cookie 设置为不同的域或路径,则它们可能具有相同的名称。
例如,如果您在“www.example.com”和“example.com”上设置了 cookie“ID”,则对于“www.example.com”或“anything.com”的每个请求都会发送两个 ID cookie。 www.example.com”。
为了防止这种情况发生,请确保您始终为同一域设置 cookie,如果您碰巧有多个域名别名到同一服务器(例如 www.example.com 和 example.com),则将一个重定向到另一个。
同样,不要使用不同的路径值设置相同名称的 cookie。
Two cookies may have the same name if they were set for different domains or paths.
For instance, if you set a cookie "ID" on "www.example.com" and also on "example.com", then two ID cookies will be sent for every request for "www.example.com" or "anything.www.example.com".
To prevent this, ensure that you're consistently setting cookies for the same domain, and if you happen to have multiple domain names aliased to the same server (e.g. www.example.com and example.com) then have one redirect to the other.
Similarly, don't set cookies of the same name with a different path value.
据我记得,如果您设置一个已经存在的 cookie,它只会覆盖旧 cookie 的值和到期日期......这是每个域的。 意味着您可以在 / 和 /anything 下有 2 个同名的 cookie,并且它们不会互相覆盖。
cookie 的名称在其站点内是唯一的。 至少在标准上。 不知道IE7是否也遵循这个。
或者这不是你要问的?
问候
as far as i remember, if you set a cookie that already exists, it just overwrites the value and expiration date of the old cookie... this is per domain. means you can have 2 cookies with the same name under / and under /anything and they don't overwrite each other.
a cookie's name within it's site is unique. at least in standard. don't know whether IE7 follows this one.
or isn't it what you're asking?
regards