Reading cookies & cookie domain
I have two servers: the live server (mydomain.com) and the QA server (qa.mydomain.com). When I set cookies, I set the domain to ".mydomain.com" and ".qa.mydomain.com" respectively. One of these cookies, called "session_id", is used for authentication and login purposes. It is obvious that a cookie for one domain will not work on the other. However, as I am prepending the dot to the domain, PHP sometimes reads the ".domain.com" cookie on the QA server, with the result that I am not able to log in.
Are there ways to have PHP read the correct cookie?
Comments (4)
Prepending the dot means it is also valid for all subdomains. So the .mydomain.com cookie is also valid for qa.mydomain.com.
Now it's not just PHP reading the cookie, but also the browser sending the cookies based on which domain they are valid for.
Since you're specifically talking about the session cookies, you might want to look into using named sessions. From what I can remember, the name of a session is also used in the name of the cookie. Meaning you'd have a different session name for your live and test environment.
Otherwise, removing the dot would also do the trick; but I'm guessing you do want it to work for www.mydomain.com, so I don't think it's a solution ;).
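An added example, not part of the thread: one way to apply the named-session suggestion above, together with a host-only cookie on QA. It assumes PHP's built-in session handling (PHP 7.3 or later for the array form of session_set_cookie_params) and HTTPS on both sites; the helper sessionCookieConfig and the names QASESSID and LIVESESSID are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread): map the request host to a
// session cookie name and a Domain attribute. Unknown hosts are rejected,
// because the Host header is client-controlled.
function sessionCookieConfig(string $host): array
{
    $host = strtolower(explode(':', $host, 2)[0]); // drop any port

    if ($host === 'qa.mydomain.com') {
        // Empty domain => no Domain attribute => host-only cookie, which the
        // browser returns to qa.mydomain.com and nowhere else.
        return ['name' => 'QASESSID', 'domain' => ''];
    }
    if ($host === 'mydomain.com' || $host === 'www.mydomain.com') {
        // Live keeps one cookie shared by mydomain.com and www.mydomain.com.
        // The browser still sends it to qa.mydomain.com, but under a name
        // the QA code never reads.
        return ['name' => 'LIVESESSID', 'domain' => 'mydomain.com'];
    }
    throw new InvalidArgumentException('Unexpected host: ' . $host);
}

$config = sessionCookieConfig($_SERVER['HTTP_HOST'] ?? '');

session_name($config['name']);   // must be called before session_start()
session_set_cookie_params([
    'lifetime' => 0,             // session cookie, dropped when the browser closes
    'path'     => '/',
    'domain'   => $config['domain'],
    'secure'   => true,          // assumption: both sites are served over HTTPS
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// From here on, $_SESSION is bound to the environment-specific cookie; a
// cookie set under the old shared name is no longer consulted.
```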
See https://www.php.net/setcookie
You say:
when .mydomain.com should match all subdomains. I would remove the dot.
PHP reads all the cookies sent by the browser. Since every .qa.domain.com host is also a .domain.com host, it's normal to get all the cookies. You'll need to either change the domain names, or change your PHP code in order to be able to identify the cookies that should be ignored from the ones that shouldn't.
I don't think that it is a PHP issue. The web browser is supposed to send the correct cookie to the appropriate web server. Some browsers may be implemented in such a way that sub-domain cookies are also sent back on main domain request.