Passing secure cookies to PHP via AJAX

Problem description

I am implementing the LinkedIn JavaScript to REST token exchange, and have an SSL-enabled page that a member signs in on, which stores their oauth token in a secure 'credential' cookie, per the docs. I am then attempting to pass those cookies to a PHP page via jQuery $.post():

$.post('https://' + document.domain + '/exchange.php', function(data) {
  alert(data);
});

When I inspect the data being sent via Firebug, I can see the following in the header of the jQuery POST:

Cookie: __utma=xxxx; __utmc=xxxx; __utmz=xxxx; linkedin_oauth_YYYY=yyyy; PHPSESSID=xxxx; __utmb=xxxx

Yet on the exchange.php page, only the non-secure cookies are exposed (only the Google Analytics and the PHP session cookie can be seen by the receiving page) by doing print_r($_COOKIE);:

Array
(
  [__utma] => xxxx
  [__utmc] => xxxx
  [__utmz] => xxxx
  [PHPSESSID] => xxxx
  [__utmb] => xxxx
)

Any ideas what I am doing wrong? I am POSTing to the same domain, using SSL, yet the secure cookie is not available to the exchange.php script.

Update:

I am now echoing out the $_SERVER values on the exchange.php page as well, and interestingly I get the following:

Array
(
  [HTTPS] => on
  [HTTP_COOKIE] => __utma=xxxx; __utmc=xxxx; __utmz=xxxx; linkedin_oauth_YYYY=yyyy; PHPSESSID=xxxx; __utmb=xxxx
)

So the cookie is getting passed, but not set in the $_COOKIE variable? FYI, running PHP 5.3.3.

Recommended answer

Figured this out - on the server that I am running the above code, I have Suhosin installed and it was limiting both request and cookie indices to a max length of 64 characters - which the full un-obfuscated linkedin_oauth_YYYY cookie index was longer than. Here are the changes I made to php.ini:

[suhosin]
suhosin.cookie.max_array_index_length = 256
suhosin.cookie.max_name_length = 1024
suhosin.cookie.max_totalname_length = 4096
suhosin.request.max_totalname_length = 4096
suhosin.request.max_varname_length = 1024
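
A check for the failure described in the answer, as an added example that is not part of the original post: it compares the raw Cookie header with what PHP parsed and lists the cookie names that were dropped, with their lengths. The helper function names and the sample cookie name are constructed for illustration, and the code assumes PHP 7 or later.

```php
<?php
// Added diagnostic, not from the original post: list cookies that arrived in
// the raw Cookie header but never reached $_COOKIE, with their name lengths.

function cookie_names_from_header(string $header): array
{
    $names = [];
    foreach (explode(';', $header) as $pair) {
        $pair = trim($pair);
        if ($pair === '') {
            continue;
        }
        // Split on the first '=' only; the value may itself contain '='.
        $names[] = explode('=', $pair, 2)[0];
    }
    return $names;
}

function php_cookie_key(string $name): string
{
    // PHP rewrites '.' and ' ' to '_' and keeps only the base of "a[b]" names.
    $base = explode('[', $name, 2)[0];
    return str_replace(['.', ' '], '_', $base);
}

function dropped_cookies(string $header, array $parsed): array
{
    $dropped = [];
    foreach (cookie_names_from_header($header) as $name) {
        if (!array_key_exists(php_cookie_key($name), $parsed)) {
            $dropped[$name] = strlen($name);
        }
    }
    return $dropped;
}

// Constructed sample: a 70-character cookie name, over the 64-character limit
// described in the answer.
$longName = 'linkedin_oauth_' . str_repeat('k', 55);
$header   = "__utma=xxxx; $longName=yyyy; PHPSESSID=xxxx";
$parsed   = ['__utma' => 'xxxx', 'PHPSESSID' => 'xxxx'];

// On a live request, pass $_SERVER['HTTP_COOKIE'] ?? '' and $_COOKIE instead.
$limit = ini_get('suhosin.cookie.max_name_length'); // false when the setting is not registered
foreach (dropped_cookies($header, $parsed) as $name => $len) {
    printf("dropped: %s (name length %d, suhosin limit %s)\n",
        $name, $len, $limit === false ? 'n/a' : $limit);
}
```

Any name it reports that is longer than the configured limit points to the filter rather than to the browser or the AJAX call.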
