Maintaining session variables across subdomains

Posted on 2025-01-05 23:03:28

I have been trying to maintain session vars between two subdomains and found it impossible. I ended up creating 2 minimal PHP web pages as a test bed, one I call 'test 1' just sets

$_SESSION['test'] = "Fred";

and has a hyperlink to 'test 2' which simply tries to echo the value of $_SESSION['test'] to prove it's worked, or not. I place 'test 1' in my www domain and 'test 2' in my sub domain. I try various versions of what should go in the header, from various sources. Here are the main 3 (and of course their variants):

ini_set('session.cookie_domain',substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
session_start();

or

ini_set('session.cookie_domain','mydomain.com');
session_start();

or

ini_set('session.cookie_domain', PHP_INI_ALL);
session_start();

or

session_set_cookie_params(0, "/", ".mydomain.com", false);
session_start();

I find that I get an identical result in every case. The session is not carried across the subdomains and page test 2 has no idea what value I set $_SESSION['test'] to. Yet there seems to be plenty of certainty around the 'net that one of the above methods should work. Any idea what could be going on, especially since I am using minimal pages to test the mechanism (no side effects that I can see)? By the way I am on a shared server, if that's pertinent here.

Thank you for your thoughts. Frank.

Edit.
I fixed it. The problem was caused by Suhosin. See detailed answer at the foot of this page.


Comments (2)

脸赞 2025-01-12 23:03:28

Ok I nailed it and it was a stinker.

Suhosin's suhosin.session.cryptdocroot option was the entire cause of the problem. When the session encryption key is based on the DocRoot it causes the subdomains to fail to see each other's session variables when the base domain and the subdomains are served from different directories. This leads to the session vars on the server being stored in different folders and hence they are not visible to each of the corresponding domains.

Solution. Simply add these 2 lines in your php.ini file:

suhosin.session.cryptdocroot=Off
suhosin.cookie.cryptdocroot=Off

A 48 hour nightmare to track down, 4.8 seconds to fix.

耀眼的星火 2025-01-12 23:03:28

I have it working, setting a session name and session cookie parameters:

$some_name = session_name("some_name");
session_set_cookie_params(0, '/', '.some_domain.com');
session_start();
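
An added diagnostic page (not code from either answer) for telling the two failure modes in this thread apart: a session cookie that is not shared between hosts versus session data the other host cannot read, as in the Suhosin answer. The session name `xsub_sess` and the domain `.mydomain.com` are placeholders, and the `secure` flag assumes both hosts are served over HTTPS.

```php
<?php
// Added diagnostic, not code from the thread. Put the same file on both hosts
// (www and the subdomain), load each in one browser, then compare the output.
// 'xsub_sess' and '.mydomain.com' are placeholders; HTTPS on both hosts is assumed.

session_name('xsub_sess');
// Arguments: lifetime, path, domain, secure, httponly. The leading-dot domain
// sends the cookie to every subdomain, so restrict it to HTTPS and hide it from JS.
session_set_cookie_params(0, '/', '.mydomain.com', true, true);
session_start();

// The first host visited writes the marker; the second should read it back.
if (!isset($_SESSION['test'])) {
    $_SESSION['test'] = 'set on ' . $_SERVER['SERVER_NAME'];
}

// Report an ini switch as On/Off, or note that the directive does not exist.
function ini_flag($key)
{
    $value = ini_get($key);
    if ($value === false) {
        return 'not available';
    }
    return in_array(strtolower($value), array('1', 'on', 'true', 'yes'), true) ? 'On' : 'Off';
}

$cookie = session_get_cookie_params();
$report = array(
    'host'                         => $_SERVER['SERVER_NAME'],
    'document_root'                => $_SERVER['DOCUMENT_ROOT'],
    'cookie_domain'                => $cookie['domain'],
    'save_path'                    => session_save_path(),
    // Hash prefix only: enough to compare hosts without printing the live ID.
    'session_id_fingerprint'       => substr(hash('sha256', session_id()), 0, 12),
    'session_test_value'           => $_SESSION['test'],
    'suhosin_loaded'               => extension_loaded('suhosin') ? 'yes' : 'no',
    'suhosin.session.encrypt'      => ini_flag('suhosin.session.encrypt'),
    'suhosin.session.cryptdocroot' => ini_flag('suhosin.session.cryptdocroot'),
    'suhosin.cookie.encrypt'       => ini_flag('suhosin.cookie.encrypt'),
    'suhosin.cookie.cryptdocroot'  => ini_flag('suhosin.cookie.cryptdocroot'),
);

header('Content-Type: text/plain; charset=utf-8');
foreach ($report as $name => $value) {
    echo str_pad($name, 30), $value, "\n";
}
```

If `session_id_fingerprint` differs between the two hosts, the cookie is not being shared, so look at `cookie_domain`. If it matches but `session_test_value` names a different host on each page, the cookie arrived and the data did not, so compare `document_root`, `save_path` and the `cryptdocroot` lines.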