Codeigniter 3.0.3 sessions are not persistent

Problem description

I am having a very weird problem: the sessions in Codeigniter 3.0.3 are not saved for the next request. Each time a request is done, it creates a new session record and doesn't use it next time.

The weird part of it is, it does work on HTTPS version of website, but not HTTP.

The scenario: On the login page of my website, I do an AJAX call (on this call I set some session variables and flashdatas). Once I get success message, I reload page to the profile page.

This whole process doesn't work when I use HTTP, but does with HTTPS.

Any help would be appreciated.

EDIT v1: Addition, even CSRF doesn't work over HTTP. I disable it to test the system.

EDIT v2: Code requested by @DFriend

config.php

$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'jupiter';
$config['sess_expiration'] = 0;
$config['sess_save_path'] = "hkr_sessions"; 
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;

$config['cookie_prefix']    = '';
$config['cookie_domain']    = '.jupiter.rjv.me';
$config['cookie_path']      = '/';
$config['cookie_secure']    = TRUE; // PS: tried FALSE version as well, but no change. 
$config['cookie_httponly'] = FALSE;

User.php controller

public function login_required() {
  if (!$this->logged_in()) {
    $this->session->set_flashdata("login_error", "You have to be logged in to see this page.");
    $this->session->set_userdata('redirect_back', $this->agent->referrer());
    redirect('/login');
  }
}

routes.php

$route['login/required'] = 'user/login_required';

With a simple method like this, when I browse to http://domain.ltd/login/required it redirects to http://domain.ltd/login and prints a message like "You have to be logged in to see this page.". Once the user logs in, it redirects the user back to the page he/she was on previously.

In my case it does redirect to /login page, but doesn't print out flashdata message.

Here is MY_Controller.php

class MY_Controller extends CI_Controller {
  protected $logged_in = NULL;
  protected $is_ajax   = NULL;
  protected $user_id   = NULL;

  public function __construct() {
    parent::__construct();

    log_message("DEBUG", "session variables: " . print_r($this->session->all_userdata(), true));

    $this->logged_in = $this->session->userdata('logged_in');
    $this->is_ajax = $this->input->is_ajax_request();
    $this->user_id = $this->session->userdata('user_id');
  }
}

As you see, I print out session variables on each request.

Here is the output of the sessions over HTTP request:

DEBUG - 2016-01-03 07:17:27 --> session variables: Array
(
    [__ci_last_regenerate] => 1451805447
)

Here is the output of the sessions over HTTPS request:

DEBUG - 2016-01-03 07:19:44 --> session variables: Array
(
    [__ci_last_regenerate] => 1451805564
    [redirect_back] => https://jupiter.rjv.me/book/1497-sefiller-viktor-mari-huqo
)

I haven't changed any code, just tried on both requests, HTTP and HTTPS. The session outputs are different. One doesn't save, the other does. I hope this would help you to identify the problem.

Recommended answer

I was actually modifying headers on my .htaccess file and one rule was causing the issue. See the commented line - that line was the issue.

<IfModule mod_headers.c>
    Header append Vary User-Agent env=!dont-vary
    Header set X-XSS-Protection: "1; mode=block"
    Header unset Server
    Header set X-Content-Security-Policy "allow 'self';"
    # Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
</IfModule>
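
Why that rule breaks HTTP sessions, as an added example that is not part of the original answer: the `Header edit` line appends `Secure` to every `Set-Cookie`, and a client never returns a `Secure` cookie over plain HTTP, so each HTTP request starts a new session. Python's `http.cookiejar` stands in for the browser here; the host `app.example.test` and the session id are constructed values.

```python
import re
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

# Constructed values: "jupiter" is sess_cookie_name from the question,
# the session id and the host are made up for this example.
APP_COOKIE = "jupiter=abc123; path=/"
HOST = "app.example.test"


def htaccess_edit(set_cookie):
    """Mimic: Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure"""
    return re.sub(r"^(.*)$", r"\1;HttpOnly;Secure", set_cookie, count=1)


class FakeResponse:
    """Minimal response object: CookieJar only needs info().get_all()."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_back(scheme, set_cookie):
    """Cookie header the client sends on the request after the login response."""
    jar = CookieJar()
    login = Request(f"{scheme}://{HOST}/login")
    jar.extract_cookies(FakeResponse(set_cookie), login)
    profile = Request(f"{scheme}://{HOST}/profile")
    jar.add_cookie_header(profile)
    return profile.get_header("Cookie")  # None when no cookie is returned


if __name__ == "__main__":
    for scheme in ("http", "https"):
        for label, header in (("as sent by app", APP_COOKIE),
                              ("after Header edit", htaccess_edit(APP_COOKIE))):
            print(f"{scheme:5} {label:18} -> {cookie_sent_back(scheme, header)}")
```

The same outcome follows from `$config['cookie_secure'] = TRUE` on a site that is still served over HTTP. Scoping the `Secure` flag to HTTPS responses, or redirecting all HTTP traffic to HTTPS, removes the mismatch while keeping the cookie hardening.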
