为什么我的PHP会话快要死了?我为什么不能还原它们? [英] Why are my PHP sessions dying? And why can't I restore them?

问题描述

我有一个使用PHP和PayPal API的应用程序.获得付款的基本方法是，您对PayPal进行Web服务调用以获取令牌，然后使用该令牌将浏览器重定向到PayPal，以供用户付款.确认付款明细后，PayPal会重定向回您在服务呼叫中最初设置的URL.

I have an app using PHP and the PayPal API. The basic way it works to get a payment is that you do a web service call to PayPal to get a token and then do a browser redirect to PayPal with that token for the user to pay. After the payment details have been confirmed, PayPal redirects back to the URL you originally set in the service call.

这一切有效，每天都有数百万人使用它，等等.

This all works, millions of people use it every day, et cetera.

奇怪的是，当PayPal重定向回去时，PHP会话消失了.这是一个有据可查的问题

Strange thing is, when PayPal redirects back, the PHP session is gone. It's a well-documented issue.

第一个问题:为什么会这样?两个页面都在同一个域中，都使用HTTPS.该会话适用于所有请求，直到PayPal重定向回为止.

First question: why is this happening? Both pages are on the same domain, both use HTTPS. The session works for all requests up until the PayPal redirect back.

链接的论坛线程提出了一种解决方法，将会话ID保留在PayPal请求中，然后在以后检索它并恢复会话.很好，除了它似乎不起作用.

The linked forum thread suggests a workaround, to persist the session ID in the PayPal request and then to retrieve it later and restore the session. Great, except it doesn't seem to work.

我可以添加一些日志语句:

I can add some log statements:

log(session_id());

各种重定向之前和之后.从贝宝(PayPal)返回时，我会记录更多信息.

before and after the various redirects. When coming back from PayPal, I log some more.

log("session id is " . session_id());
$session_id = get_session_id_from_paypal();
log("setting it back to " . $session_id);
session_id($session_id);
session_start();
log("session id is now " . session_id());

结果根本不是我所期望的:

The result is not at all what I'd expect:

session_id是fc8f459a186a3f4695ff9ac71b563825
将其设置回82460dcf8c8ddd538466e7cb89712e72
session_id现在是360ba3fd99d233e0735397278d2b2e55

session_id is fc8f459a186a3f4695ff9ac71b563825
setting it back to 82460dcf8c8ddd538466e7cb89712e72
session_id is now 360ba3fd99d233e0735397278d2b2e55

第二个问题:为什么会话ID根本不符合我的设置?我究竟做错了什么?或者，至少，为什么没有一个会话变量返回?

Second question: why is the session id not at all what I set it to? What am I doing wrong? Or, at least, why do none of the session variables come back?

推荐答案

只是一个主意...

您是否已将session.referer_check设置为主机? 默认值为空字符串，但可能已更改……并且当页面从PayPal返回"时，php会丢弃会话信息.

Do you have session.referer_check set to your host perhaps? The default is the empty string, but it might have been changed ... and when the page 'comes back' from PayPal, php will trash the session info.

您可以使用phpinfo()检查session.referer_check.

You can check the session.referer_check with phpinfo().

这篇关于为什么我的PHP会话快要死了?我为什么不能还原它们?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！