htaccess mod_rewrite、PHP 和 cookie 在浏览器中关闭
当 cookie 关闭时,PHP 将会话 ID 放入 URL 中。在使用 .htaccess 重写的情况下,是否必须考虑此会话 ID(通过主动编码)?
另外,我认为当 cookie 关闭时,当混合使用 .php 文件和 .html 服务时,会话 ID 无法自动传播。也就是说,如果用户从 .php 页面导航到 .html 页面,然后返回到 .php 页面,则会话 ID 会丢失,因为 .html 文件无法解释它。这是正确的吗?
PHP puts the session id into the URL when cookies are turned off. Does this session id have to be accounted for (by proactively coding for it) in the case where .htaccess rewrite is being used?
Also, I presume that when cookies are off the session id cannot be propagated automatically when there are a mix of .php files and .html being served. That is, if a user navigates to an .html page from a .php page and then back to .php page, the session id is lost as the .html file cannot account for it. Is this correct?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在大多数情况下,会话 ID 不会出现在 .htaccess 处理中,因为它位于 URL 的
QUERY_STRING部分(即?之后)。但如果您在RewriteCond中测试QUERY_STRING或在RewriteRule中替换它,您可能必须考虑到这一点。您假设正确,会话 ID 不会通过纯 HTML 文件传播。但是,您可以使用
.htaccess通过 PHP 运行.html文件:以及类似的内容来激活这些文件的 URL 重写功能:
其中 session_start.php 仅包含:
(有关详细信息,请参阅这个问题)。
或者您可以直接发布一个错误页面,告诉用户您不支持在关闭 cookie 的情况下运行。
In most cases the session ID does not figure in .htaccess processing because it is in the
QUERY_STRINGpart of the URL (that is, after a?). But you might have to account for it if you testQUERY_STRINGin aRewriteCondor replace it in aRewriteRule.And you presume correctly, the session ID will not propagate through a pure HTML file. However, you could use
.htaccessto run.htmlfiles through PHP:and something like this to activate the URL rewriting feature for those files:
where session_start.php contains just:
(See this SO question for details).
Or you could just put up an error page telling users that you don't support running with cookies off.