CakePHP Session updates but cookie expiry doesn't


Problem description


Short Question:

Why doesn't my session cookie's expiry time get updated in the browser when my session's expiry time is updated on the server?

Long Question:

I posted a similar question (http://stackoverflow.com/questions/10844022/cakephp-session-not-auto-renewing) about this a few weeks ago but I didn't have all of the facts at the time. I now have more detail and the nature of the question has changed so I'm posting it as a new question.

First of all, in CakePHP 2, I've set up APP/Config/core.php with the following for the session:

    Configure::write('Session', array(
        'defaults' => 'database',
        'cookie' => 'mycookie',
        'timeout' => 1 // 1 minute - just for testing
    ));

So, I load a page in my app which creates the session in the database. All good so far.

The session is stamped to expire at 1341288066 which is equal to Tue, 03 Jul 2012 04:01:06 GMT. Again, this is great because that's 1 minute from now. Exactly what I wanted.

If I look in Firefox's cookie screen, I find the cookie just as I would have expected it:

    Name: mycookie
    Content: aqm0gkmjfsuqje019at8cgsrv3
    Host: localhost
    Path: /
    Send for: Any type of connection
    Expires: Tue 03 Jul 2012 11:01:06 AM ICT  // (04:01:06 GMT)

Now, within this 1-minute window, I go back to my app and refresh the page. Then, I check the session to see if it's updated. It shows 1341288122 against the session id aqm0gkmjfsuqje019at8cgsrv3 which is equal to Tue, 03 Jul 2012 04:02:02 GMT which, again, is what I expected. The expiry of the session has been updated to be 1 minute from when I last reloaded the page.

Unfortunately, the cookie in the browser is still set to Expires: Tue 03 Jul 2012 11:01:06 AM ICT (ie: 04:01:06 GMT) and that's exactly what it does, meaning that the next time I press refresh, Cake generates a brand new session ID even though the old one is still technically valid.

My question is basically what is going on here? Why doesn't the cookie get updated with the new expiry date in the browser?

Solution

The issue you have spotted is indeed unexpected and ends sessions where they should stay alive.

This is the result of how CakePHP uses the Session functions of PHP. There is an entry (#3047) in the CakePHP bugtracker, where Mark Story (CakePHP developer) agrees this should be fixed:

I can agree that the cookies should be updated alongside the session times stored in the session. However, that's not how PHP's internal features for session handling work. There seem to be a few different ways to workaround this issue.

As this will change the current behavior (however weird it may be), the fix is postponed to version 2.3, though.

I think managing the cookie state outside of PHP is going to be the most appropriate solution. I don't know how safe of a change this is for existing applications though. Changing how sessions work can be a dramatic change and allowing users to stay logged in much longer might not be what all developers are expecting.
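
One way to manage the cookie state outside of PHP's session functions, as the quoted comment suggests, is to re-send the session cookie on each request so its expiry slides with the server-side session. This is an added example, not code from the original answer or from CakePHP; the `_refreshSessionCookie` helper name is hypothetical, and it assumes CakePHP 2.x with the cookie name set in `Session.cookie` as in the question.

```php
<?php
// app/Controller/AppController.php (CakePHP 2.x)
// Added example: re-issue the session cookie so the browser-side expiry
// moves forward together with the server-side session expiry.
App::uses('Controller', 'Controller');
App::uses('CakeSession', 'Model/Datasource');

class AppController extends Controller {

    public function beforeFilter() {
        parent::beforeFilter();
        $this->_refreshSessionCookie();
    }

    // Hypothetical helper name; not part of CakePHP.
    protected function _refreshSessionCookie() {
        $name = Configure::read('Session.cookie'); // 'mycookie' in the question
        // Only act for a browser that already presented the session cookie,
        // so anonymous first requests do not get a session created for them.
        if (empty($name) || !isset($_COOKIE[$name]) || headers_sent()) {
            return;
        }
        CakeSession::start(); // applies Cake's session ini settings and resumes the session
        if (session_id() === '') {
            return; // no active session, nothing to refresh
        }
        $params = session_get_cookie_params();
        if ($params['lifetime'] <= 0) {
            return; // browser-session cookie: it has no expiry to slide
        }
        // PHP only sends Set-Cookie when the session is created, so send it
        // again with a fresh expiry. Reuse the configured path, domain,
        // Secure and HttpOnly values so the re-issued cookie is not weaker
        // than the original one.
        setcookie(
            $name,
            session_id(),
            time() + $params['lifetime'],
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }
}
```

With this in place the cookie from the question would move from 04:01:06 GMT to roughly 04:02:02 GMT on the refresh, matching the session row. The login then lasts as long as the user stays active, which is the behaviour change the quoted comment is cautious about.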
