Why does Magento use 2 cookies per session?

Posted on 2024-09-27 03:25:32

For data security and privacy reasons I want to know why Magento uses two cookies for one frontend session.

All I know is that one of them is being set in Mage_Core_Model_Cookie::set(..) and the other one in Zend_Session::expireSessionCookie(), but still I can't seem to figure out what they are used for.

I just can't think of any reason why one would need a second cookie for the same domain.

Comments (3)

江挽川 2024-10-04 03:25:33

I'm going to call this one vestigial code. Varien relies heavily on the Zend Framework as the underpinning for Magento, so many of the classes (Zend_Session for instance) are used as parent classes for Magento implementations.

The Varien-set cookie labeled "frontend" is namespaced for the section of the site you visit (e.g. you will have a separate "admin" cookie if you log in through the backend), whereas the Zend cookie appears to be global.

Also note that I was able to delete the Zend cookie without any apparent deleterious effects (my login session and cart remained accessible, and the cookie was not immediately replaced).

倾城花音 2024-10-04 03:25:33

I was able to fix this by reversing the order of the session_start() call and the statement that sets the cookie in Mage_Core_Model_Session_Abstract_Varien::start(..). Those two lines now look like this:

$cookie->set(session_name(), $this->getSessionId());
session_start();

It now only creates one single cookie and it does not seem to have any side-effects.

BTW: The other cookie was not created in Zend_Session as I assumed, but instead both of them came from Mage_Core_Model_Session_Abstract_Varien::start(..).
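
One way to check the effect of the reordering described in the answer above is to compare the Set-Cookie headers of a response before and after the change and see whether the same session ID is still sent under more than one scope. This is an added example, not part of the original thread or of Magento's code; the header values, the domain store.example and the function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample headers (assumed values, not captured from a real store):
# the same session ID emitted twice in one response, then once after the reordering.
BEFORE = [
    "frontend=3f9c1ab27d55; path=/",
    "frontend=3f9c1ab27d55; path=/shop; domain=.store.example; HttpOnly",
]
AFTER = ["frontend=3f9c1ab27d55; path=/shop; domain=.store.example; HttpOnly"]


def parse_set_cookie(header):
    """Split one Set-Cookie header value into name, value, scope and flags."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    cookie = {"name": name, "value": value, "domain": "", "path": "/", "flags": set()}
    for attr in attrs:
        key, sep, val = attr.partition("=")
        key = key.strip().lower()
        if key in ("domain", "path"):
            cookie[key] = val.strip()
        elif not sep and key:
            cookie["flags"].add(key)  # valueless attributes: httponly, secure
    return cookie


def duplicate_session_carriers(headers):
    """Return {value: [cookies]} for values sent under more than one scope."""
    by_value = defaultdict(list)
    for header in headers:
        cookie = parse_set_cookie(header)
        scope = (cookie["name"], cookie["domain"], cookie["path"])
        seen = [(c["name"], c["domain"], c["path"]) for c in by_value[cookie["value"]]]
        if scope not in seen:
            by_value[cookie["value"]].append(cookie)
    return {v: cs for v, cs in by_value.items() if len(cs) > 1}


def weakest_carriers(headers):
    """Among duplicated session IDs, list the scopes that lack HttpOnly."""
    return [
        (c["name"], c["domain"], c["path"])
        for cookies in duplicate_session_carriers(headers).values()
        for c in cookies
        if "httponly" not in c["flags"]
    ]


if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER)):
        print(label, len(duplicate_session_carriers(headers)), weakest_carriers(headers))
```

A session ID that appears under a second, broader scope or without HttpOnly is exposed more widely than the hardened cookie alone, which is why the duplicate matters for the data security concern raised in the question.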

御守 2024-10-04 03:25:33

That is interesting. I just checked on an install of enterprise edition and only "PHPSESSIONID" is set, "frontend" and "admin" are missing even when logged into both. Perhaps this is something still actively being developed.
