PHP session is getting reset between subdomains


Problem description


I have a website running with two subdomains, both of which require login (based on the same DB access credentials). In order to make it easier for users, I wanted to change it so they can navigate both subdomains without having to log in separately: essentially, they log in at one of the subdomains and can then freely navigate between one and the other.

One solution I found at Allow php sessions to carry over to subdomains involves changing the session.cookie_domain variable to so that all subdomains would share the session variables, but something seems to be wrong. I can still log in at subdomain1 and navigate it, but as soon as I load a page from subdomain2, subdomain1 instantly loses all its session data and I'm taken back to the login page. This also happens the other way around (logging in from subdomain2 at first). Prior to the change, subdomains could be simultaneously logged in but they wouldn't 'see' each other.

What could be causing this problem to occur?

Solution

My suspicion is the Suhosin project's session encryption feature; this patchset is included in most Debian-based systems. It can be configured to encode the session file's content with a key generated from various sources, to protect the session contents from other PHP scripts running on the same machine (shared hosting) or session hijacking. One of the sources is the docroot (enabled by default), which is usually different on every subdomain.

Check if it's installed

A simple phpinfo() will report the extension and its settings; look for a block named suhosin and below that see if suhosin.session.encrypt and suhosin.session.cryptdocroot are on.

Disabling the encryption

Obviously you can edit your php.ini to disable the whole encryption or only the docroot part if you have access to the server.

If you don't, and the server is running Apache, try disabling it in the .htaccess file of your PHP app's root like this:

php_flag "suhosin.session.cryptdocroot" 0

If it's working you should see the difference in the phpinfo() output. (Local value column)

If your host doesn't allow a .htaccess file, you can set the same variable in PHP, but it's important to do it before session_start(). Hopefully you have some kind of a front controller to place this in.

ini_set('suhosin.session.cryptdocroot', 0);
phpinfo();

The output of phpinfo() should be the same as in the .htaccess method: the cryptdocroot line with an "Off" local value.
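
A diagnostic page for the check described in the answer above, added here as an example and not part of the original answer. It applies the override before session_start() and reports whether the session data survives a visit to the other subdomain. The cookie domain '.example.com' and the 'hits' session key are assumptions made for illustration.

```php
<?php
// Added diagnostic, not from the original answer. Deploy temporarily on both
// subdomains, load each in turn with the same browser, and compare the output.
// ASSUMPTION: '.example.com' is a placeholder for the shared parent domain.
$cookieDomain = '.example.com';

header('Content-Type: text/plain; charset=utf-8');

$hasSuhosin = extension_loaded('suhosin');
$changed = null;
if ($hasSuhosin) {
    // Must run before session_start(); ini_set() returns false when the
    // host does not allow this directive to be changed at runtime.
    $changed = ini_set('suhosin.session.cryptdocroot', '0') !== false;
}

// Share the session cookie across subdomains (also before session_start()).
ini_set('session.cookie_domain', $cookieDomain);
session_start();

// A counter that keeps increasing across both subdomains means the session
// data was read back correctly; a value of 1 right after visiting the other
// subdomain means the stored data was discarded.
$_SESSION['hits'] = (isset($_SESSION['hits']) ? $_SESSION['hits'] : 0) + 1;

$report = array(
    'host'                  => isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '(cli)',
    'document_root'         => isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '',
    'session.cookie_domain' => ini_get('session.cookie_domain'),
    'session.save_path'     => ini_get('session.save_path'),
    // Print only a digest prefix so the page never exposes the live session ID.
    'session id (sha256 prefix)' => substr(hash('sha256', session_id()), 0, 12),
    'hits'                  => $_SESSION['hits'],
    'suhosin loaded'        => $hasSuhosin ? 'yes' : 'no',
);
if ($hasSuhosin) {
    $report['suhosin.session.encrypt'] = ini_get('suhosin.session.encrypt');
    $report['suhosin.session.cryptdocroot'] = ini_get('suhosin.session.cryptdocroot');
    $report['cryptdocroot override applied'] = $changed ? 'yes' : 'no';
}
foreach ($report as $name => $value) {
    printf("%-32s %s\n", $name, var_export($value, true));
}
```

If both subdomains show the same session ID digest but the counter falls back to 1, the cookie is shared and the stored data is being discarded, which is consistent with the docroot-derived key described in the answer. Different digests point at the cookie domain setting instead.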
