iPhone "Bookmark to Home Screen" removes cookies and session?

Posted on 2024-09-25 09:37:39

Right now I am developing a Web-based Application, where the User has to log in first.

When I open the Page in iPhone Safari, log in and restart Safari, I am still logged in (Cookie & Session ID still set).

But when I add this Page with "Add to Home Screen", each time I click the Icon for that page, I have to log in again.

I did not find any information about that. What can I do so my users can set this page to their home screen as an icon and still don't have to log in each time they open it?

Comments (4)

机场等船 2024-10-02 09:37:39

A really simple approach could be to use a unique token in your Bookmark-URL which can serve you as a unique device identifier.

Example:
http://myWebApp.com/?token=randomId29238/1

The token can be generated at the server side at opening time of the application in Mobile Safari and before the user is prompted with the "Add to Home Screen" information.
The token can then be added to the URL using a quick redirect (…&token=randomToken) or a location hash (…#randomToken).

Whenever the Bookmark is now opened from the Home Screen, the token is sent to your server and you can identify the user's active session.
You may also use the token as a permanent session id, but I advise against that because of security concerns.

To allow future logout and login procedures, you can always assign the new sessions to the token.

The token will serve you as a unique device identifier whenever the user re-opens your link from his Home Screen.
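
The token-to-session mapping described in this answer, as an added Python example that is not part of the original answer: the URL token only identifies the device, and each login assigns a fresh session to it. The in-memory dicts, the function names and the `https://webapp.example` base URL are assumptions made for illustration.

```python
import hashlib
import secrets
from urllib.parse import urlsplit, parse_qs

tokens = {}    # sha256(device token) -> session id, or None when logged out
sessions = {}  # session id -> user name (stand-in for the server session store)

def _key(token):
    # Keep only a digest, so a leaked table does not reveal usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def _token_from(url):
    values = parse_qs(urlsplit(url).query).get("token", [])
    return values[0] if len(values) == 1 else None

def issue_bookmark_url(base="https://webapp.example"):
    """Generate the token server-side, before the "Add to Home Screen" hint."""
    token = secrets.token_urlsafe(32)
    tokens[_key(token)] = None
    return f"{base}/?token={token}"

def login(url, user):
    """After a successful login, assign a new session to the device token."""
    token = _token_from(url)
    if token is None or _key(token) not in tokens:
        return None  # unknown token: never create state for it
    sid = secrets.token_hex(16)
    sessions[sid] = user
    tokens[_key(token)] = sid
    return sid

def logout(url):
    """Drop the session; the token stays behind as a bare device identifier."""
    token = _token_from(url)
    if token is not None and _key(token) in tokens:
        sessions.pop(tokens[_key(token)], None)
        tokens[_key(token)] = None

def open_from_home_screen(url):
    """Return the user of the token's active session, or None to show login."""
    token = _token_from(url)
    sid = tokens.get(_key(token)) if token else None
    return sessions.get(sid) if sid else None
```

Because the token travels in the URL, it ends up in browser history and server logs; keeping it separate from the session id means a logout or a new login invalidates whatever session the token previously pointed to.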

横笛休吹塞上声 2024-10-02 09:37:39

There is an easier and, imo, more elegant solution than favo's.

At least under iOS 4.2.1, 5.1.1, 6.0 and 6.1 (I couldn't test other versions), if you extend the lifetime of your session cookie manually, Safari will hold on to the session cookie and even allow sharing of the session between the 'home screen installed' version of your web app and normal visits through Safari itself.

The trick is to do this:

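// Start or resume session
session_start();

// Extend cookie lifetime by an amount of your liking
$cookieLifetime = 365 * 24 * 60 * 60; // A year in seconds

// Reuse the session cookie's own path, domain and flags, so the browser
// replaces that cookie instead of storing a second one without Secure/HttpOnly
$p = session_get_cookie_params();
setcookie(session_name(), session_id(), time() + $cookieLifetime,
          $p['path'], $p['domain'], $p['secure'], $p['httponly']);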

For a more elaborate discussion of this strategy you can take a look at my answer to this question:

Maintain PHP Session in web app on iPhone

只是在用心讲痛 2024-10-02 09:37:39

I am going to expand a little further on Waldo Baggins' answer.

When I ran into this, I discovered the reason this was happening is that session cookies set on the server usually do not have an expiration value set. The default behavior in this case is for the browser to discard the cookie when the browser is closed / re-opened. Since the browser does not resend the cookie on re-opening, the server has no way of identifying the session, even if it hasn't expired on the server yet, and thus, your user is redirected back to the login page.

When the user is using your site in web app mode (icon added to home screen), iOS treats navigating to / from the app the same way a desktop computer would treat closing and reopening the browser, and loses the session when reopened.

So following Wilbo's suggestion and setting an expiration time for the cookie, iOS checks if the cookie has expired when the user navigates back to your app, and if it hasn't, re-sends the cookie, thus maintaining the session. The value of 1 year in Wilbo's answer is ridiculously long; you would typically want to set this to something like 8 or 24 hours, and ideally sync it with the session expiry timeout value you have set on the server.

Note that as a side effect, when your site is accessed from a desktop browser, and the user closes and re-opens the browser, the session would continue to persist and the user will still be logged in, which wouldn't have been the case previously (unless they were browsing privately). Your "Logout" feature would have to properly handle expiring this cookie.

For a Java webapp using web.xml version 3.0 or higher, the easiest way to do this is to modify <session-config> as follows:

<session-config>
    <session-timeout>600</session-timeout> <!-- In minutes -->
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
        <max-age>36000</max-age> <!-- In seconds -->
    </cookie-config>
</session-config>
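
The same idea outside web.xml, as an added Python example that is not part of the original answer: one timeout value drives both the cookie's Max-Age and the server-side expiry, and logout removes the session on the server as well as expiring the cookie. The cookie name, the 8-hour value and the in-memory session store are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSION_TTL = 8 * 60 * 60   # seconds; single source for cookie and server expiry
COOKIE_NAME = "SESSIONID"   # hypothetical cookie name
sessions = {}               # session id -> (user, expires_at)

def _set_cookie(value, max_age):
    """Build the Set-Cookie header value with the flags from the answer."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = value
    morsel = cookie[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["max-age"] = max_age   # makes the cookie persistent, not session-only
    morsel["secure"] = True
    morsel["httponly"] = True
    return morsel.OutputString()

def _sid_from(cookie_header):
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    return cookie[COOKIE_NAME].value if COOKIE_NAME in cookie else None

def login(user, now):
    sid = secrets.token_hex(16)
    sessions[sid] = (user, now + SESSION_TTL)
    return _set_cookie(sid, SESSION_TTL)

def current_user(cookie_header, now):
    """The server-side expiry is authoritative, whatever the client sends."""
    sid = _sid_from(cookie_header)
    entry = sessions.get(sid)
    if entry is None:
        return None
    user, expires_at = entry
    if now >= expires_at:
        del sessions[sid]
        return None
    return user

def logout(cookie_header):
    """Invalidate the session server-side and expire the persistent cookie."""
    sessions.pop(_sid_from(cookie_header), None)
    return _set_cookie("deleted", 0)
```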

謌踐踏愛綪 2024-10-02 09:37:39

There are persistent key-value storage and database storage available for web apps. You can save your authentication data using localStorage object and use XMLHttpRequest to send it to the server.
Another option is saving your persistent data in a SQLite database; however, this doesn’t seem to be a proper solution in your case.
Check out Apple’s Client-Side Storage and Offline Applications Programming Guide for details/examples.
