为什么我的会话随机不保存?
我们通过添加以下代码行修复了浏览器无法登录子域的问题。
ini_set('session.cookie_domain', '.'.get_domain('http://'.$_SERVER['SERVER_NAME']));
get_domain 函数获取站点的域,以便“sub.sub.domain.com”将返回“domain.com”。我们在前面加上一个“.”这样我们的会话在所有子域中都很好。
这解决了无法登录的问题,但现在的问题是,自从我们添加这行代码后,我们将随机无法登录,因为会话不可用没有创建并且只是 NULL。
我说随机是因为我不知道是什么原因造成的。有一天,用户可以登录,第二天他们尝试登录,但失败了。清除cookie通常可以解决问题。知道我可能做错了什么吗?我尝试过谷歌搜索,但没有找到任何有帮助的东西,我们的用户感到沮丧,而我已经没有想法了。非常感谢任何帮助。
We fixed an issue we had with a browser from not being able to log in on subdomains by adding the following line of code.
ini_set('session.cookie_domain', '.'.get_domain('http://'.$_SERVER['SERVER_NAME']));
The get_domain function gets the domain of a site so that "sub.sub.domain.com" will return "domain.com". We prepend a "." so that our sessions are good across all subdomains.
That fixed the issue of not being able to login but the problem now is that ever since we added this line of code we will randomly not be able to login because the sessions aren't created and are just NULL.
I say randomly because I can't figure out what's causing it. One day a user is able to login, they try to login the next day and it doesn't work. Clearing the cookies will usually solve the issue. Any idea what I might be doing wrong? I've tried googling but haven't found anything that has helped, our users are getting frustrated and I'm running out of ideas. Any help is really appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
对我来说似乎存在缓存问题,但这只是一个假设。
仅从您的描述很难判断问题出在浏览器端还是服务器端。
我能给你的最好建议是在登录表单上实施 cookie 测试。在用户实际输入他/她的凭据之前,您需要设置一个测试 cookie 并使用附加的
testget 参数重定向到同一页面。如果使用此附加test参数请求页面,则会检查测试 cookie 是否已成功设置。只有测试通过后才允许登录。否则给出错误消息并告知用户技术问题。
这可能会帮助您确定问题实际发生的时间。此外,您甚至可以从服务器端添加更多信息,以防出现错误,这可能有助于您调试问题。
Looks like there is a caching problem to me but this is only an assumption.
From your description alone it's hard to tell whether the problem lies on the browser-side or the server-side.
The best suggestion I can give to you is to implement a cookie test on the login form. Before the user actually enters his/her credentials your're setting a test-cookie and redirect to the same page with an additional
testget-parameter. If the page is requested with this additionaltestparameter it's checked if the test cookie was successfully set.Only allow to login if the test passed. Otherwise give an error message and inform the user about the technical problem.
This might help you to identify when the problem actually occurs. Additionally you can even add more information from the server-side in case of an error that might help you to debug the problem.
为了排除这种情况,请尝试使用常量字符串设置域,而不是使用
get_domain()派生它,如下所示:在浏览器中仔细查看在
.foo 上设置的 cookie .com以及可能在sub.foo.com上设置(或正在设置)的任何旧问题,由于某些原因,我发现了一些与您所描述的问题类似的问题cookie 对不同的服务器不可见。问题在于
sub.foo.com可能已经定义了一个您没有删除的 cookie 条目,并且只有它才能看到它。由于www.foo.com无法查看.foo.com,因此从www.foo.com在.foo.com上设置了新的 Cookie >sub.foo.com cookie。我希望这是有道理的......
Just to rule it out please try setting the domain with a constant string rather than deriving it with
get_domain()something like this:Have a good look in your browser for cookies both set on
.foo.comand any old ones that might be set (or being set) onsub.foo.comI've seen some problems similar to the one that you've described due to some cookies not being visible to different servers. The problem is along the lines that
sub.foo.commight have a cookie entry already defined that you didn't remove and only it will be able to see it. A new cookie is set fromwww.foo.comon.foo.comaswww.foo.comis unable to see thesub.foo.comcookie.I hope that made sense...
事实证明,我忘记在其中一个标题中更改此设置,这使一切都变得不正常。
(抱歉回答我自己的问题,为大家投票以寻求帮助)
Turns out I had forgotten to change this setting in one of the headings which was throwing everything out of whack.
(Sorry for answering my own question, up voted everyone for the help)