Windows Media Player 发送的标头
我正在使用这个 http://nunzioweb.com/streaming_audio-example.htm 来嵌入和播放.mp3 文件
问题是上述方法使用的文件包含 .mp3 文件的链接
例如:该列表包含各种 MP3 文件,例如
http://www.domain.com/music/getsong.php?id=21
http://www.domain.com/music/getsong.php?id=22
http://www.domain.com/music/getsong.php?id=23
我正在使用 getsong.php 来验证用户是否已登录通过会话变量和cookie。但是,以这种方式(通过嵌入 WMP)访问 getsong.php 时,即使用户已登录,也无法进行用户验证。
但是当直接通过 http://www.domain.com/music/getsong.php?id=23 用户验证工作正常。
嵌入式 WMP 发送的标头是否与直接访问 URL 时发送的标头不同?
I am using this http://nunzioweb.com/streaming_audio-example.htm to embed and play.mp3 files
The problem is that the above method uses a file that contains a link to .mp3 files
Eg: the list contains various MP3 files such as
http://www.domain.com/music/getsong.php?id=21
http://www.domain.com/music/getsong.php?id=22
http://www.domain.com/music/getsong.php?id=23
I am using getsong.php to verity if the user is logged in via session variables and cookies. But, the getsong.php when accessed in this manner(via embed WMP) fails to do the user verification even if the user is logged in.
But when accessed directly via http://www.domain.com/music/getsong.php?id=23 the user verification works fine.
Are the headers sent by the embedded WMP different than the one sent when accessing the URL Directly?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
据我所知 - WMP 在其内部子请求中尝试使用来自 IE 的 cookie(包括有关会话的信息),并且无法从其他浏览器获取它们。您可以通过分析请求标头的 cookie 部分来检查它。对于不太安全的解决方案,您可以将 PHPSESSID 或其重命名版本包含到 URL 中,以便玩家也可以提交它。
出于安全目的,您可以尝试使用不是由播放器创建的每个请求来重命名会话:)
ps:为什么不使用普通的 Flash 播放器?
As far as I know - WMP in its internal subrequest tries to use cookies (including those with information about session) from IE and is not able to get them from another browser. You can check it analyzing the cookie part of the request headers. For not so secure solution you may include PHPSESSID or its renamed version into the url, so that it will be submitted by the player, too.
For security purposes you may try to rename the session with each request created not by the player :)
ps: why won't you use normal flash player?