$_SESSION variables not carried over on HTTPS
I am developing a site on my localhost, where everything works fine, but now that the site is uploaded to the HTTPS side of our ONLINE server, the $_SESSION variables don't get carried over from the login.php to the index.php page. Both are located on HTTPS, the process never goes out of HTTPS. As I said, everything worked fine on my localhost.
My localhost's PHP is version 5.3.2 and the HTTPS server is 5.2.6. The only difference in settings I can identify regarding sessions is session.use_only_cookies is On on my localhost and Off on the HTTPS server.
Can anyone please shed some light as to why the session variables are not transferred? PS. I do have session_start(); in both login.php and index.php.
Thanks in advance.
Comments (2)
Have you checked that the session cookie is carried over between the HTTP and HTTPS requests? And that the same session token is present on both sides?
If the cookie established via the HTTPS page is marked as "secure only", it will not be transmitted to non-SSL pages, so you'd get a brand new empty session on the non-secure pages, which would give you the symptoms of "missing" session variables. They're not really missing, just in some other session which isn't active now.

There are a few things that can go wrong.
Make sure both login.php and index.php are accessed through https. session.cookie_secure defaults to off, but you never know. Also make sure they are both on the same domain. Cookies are set per-domain.
Maybe there is some oddball cookie setting? You can view the current session cookie settings with:
session_get_cookie_params()
You can also verify how the cookie is being set in your browser (if at all), for Opera you can right-click in the page, select "edit site preferences", and use the "Cookie" tab. Don't know about other browsers from the top of my head ...
Another possibility is a borked session.save_path, run session_save_path() without any arguments to get the current session_save_path, make sure the user running PHP (typically but not necessarily the same user running the webserver) can write to this directory.
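
The checks suggested in the two answers above (secure-only cookie, cookie domain, writable save path), combined into one diagnostic page that also reports the session.use_only_cookies setting from the question. This is an added example, not code from the thread; the file name session_check.php and the hits counter are assumptions, and the syntax is kept compatible with PHP 5.2.

```php
<?php
// Added diagnostic, not from the thread. Hypothetical file name: session_check.php.
// Load it twice over the same URL scheme and host as login.php, then delete it.
session_start();
$_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;

$p     = session_get_cookie_params();   // keys: lifetime, path, domain, secure, httponly
$https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
$host  = preg_replace('/:\d+$/', '', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
$sent  = isset($_COOKIE[session_name()]);   // did the browser return the session cookie?

// session.save_path may be empty (system temp dir) or prefixed: "N;/path", "N;MODE;/path".
$raw   = session_save_path();
$parts = explode(';', $raw);
$dir   = $raw === '' ? sys_get_temp_dir() : end($parts);

$findings = array();
if ($p['secure'] && !$https) {
    $findings[] = 'Cookie is secure-only but this request is plain HTTP: the browser '
                . 'withholds it and PHP starts a new, empty session.';
}
$d = ltrim($p['domain'], '.');
if ($d !== '' && $host !== $d && substr($host, -strlen($d) - 1) !== '.' . $d) {
    $findings[] = "Cookie domain '{$p['domain']}' does not cover host '$host'.";
}
if (!is_dir($dir) || !is_writable($dir)) {
    $findings[] = "Save path '$dir' is not a directory the PHP user can write to.";
}
if (!$sent) {
    $findings[] = 'No session cookie came back with this request '
                . '(expected on the first load only).';
}
if (!filter_var(ini_get('session.use_only_cookies'), FILTER_VALIDATE_BOOLEAN)) {
    $findings[] = 'session.use_only_cookies is Off: session IDs are also accepted '
                . 'from the URL, which permits session fixation. Turn it On.';
}

header('Content-Type: text/plain');
printf("https=%s host=%s cookie_sent=%s hits=%d\n",
    $https ? 'yes' : 'no', $host, $sent ? 'yes' : 'no', $_SESSION['hits']);
printf("cookie: secure=%s domain='%s' path='%s'\n",
    $p['secure'] ? 'yes' : 'no', $p['domain'], $p['path']);
echo $findings ? "- " . implode("\n- ", $findings) . "\n" : "No problems detected.\n";
```

On a working setup the second load shows cookie_sent=yes and hits=2; a hits value that stays at 1 means each request is getting a fresh session.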