为什么PHP不能使用Internet Explorer为特定用户保存会话变量? [英] Why does PHP not save session variables for specific users with Internet Explorer?

问题描述

我在一个网站上遇到问题，在该网站上PHP不能使用Internet Explorer为特定用户保存会话变量.但是对于使用Internet Explorer的某些其他用户则完全没有问题，并且使用其他浏览器的用户也没有任何问题.

I have a problem with a website where PHP does not save session variables for specific users with Internet Explorer. But for some other users with Internet Explorer there is no problem at all, and users with other browsers also do not have any problems.

我创建了以下三个小脚本，以确保不涉及网站中的其他代码:

I created the following three small scripts to make sure no other code in the website was involved:

test.php:

<?php
session_start();

function logMsg($text) {
    $filename = dirname(__FILE__) . "/test.log";
    $fh = fopen($filename, "a") or die("Could not open log file.");
    fwrite($fh, date("d-m-Y, H:i")." - $text\n") or die("Could not write file!");
    fclose($fh);
}

ob_start();
var_dump(session_id(), $_SESSION, $_SERVER, $_REQUEST);
$content = ob_get_clean();

logMsg("test.php");
logMsg($content);

$_SESSION['test'] = array('test' => 'lalala');
$_SESSION['count'] = 1;
?>
<a href="test2.php">Next</a>

test2.php:

<?php
session_start();

function logMsg($text) {
    $filename = dirname(__FILE__) . "/test.log";
    $fh = fopen($filename, "a") or die("Could not open log file.");
    fwrite($fh, date("d-m-Y, H:i")." - $text\n") or die("Could not write file!");
    fclose($fh);
}

ob_start();
var_dump(session_id(), $_SESSION, $_SERVER, $_REQUEST);
$content = ob_get_clean();

logMsg("test2.php");
logMsg($content);

$_SESSION['count']++;
?>
<a href="test3.php">Next</a>

test3.php:

<?php
session_start();

function logMsg($text) {
    $filename = dirname(__FILE__) . "/test.log";
    $fh = fopen($filename, "a") or die("Could not open log file.");
    fwrite($fh, date("d-m-Y, H:i")." - $text\n") or die("Could not write file!");
    fclose($fh);
}

ob_start();
var_dump(session_id(), $_SESSION, $_SERVER, $_REQUEST);
$content = ob_get_clean();

logMsg("test3.php");
logMsg($content);

var_dump($_SESSION)的预期输出如下:

array(0) {
}

array(2) {
    ["test"] => array(1) {
        ["test"] => string(6) "lalala"
    },
    ["count"] => int(1)
}

array(2) {
    ["test"] => array(1) {
        ["test"] => string(6) "lalala"
    },
    ["count"] => int(2)
}

但是，有问题的用户的输出如下:

However, the output for the users with the problem is the following:

array(0) {
}

array(0) {
}

array(1) {
    ["count"] => int(1)
}

这意味着不会为这些用户存储会话变量.但是，有问题的用户的会话ID在所有3个测试页中都是相同的.

This means that the session variables are not stored for these users. However, the session ID for the users with problems is the same for all 3 test pages.

有人知道这可能是什么吗?据我所知，有问题的代码已经运行了好几年，并且问题在上个月左右开始出现.

Does somebody have any idea what this could be? As far as I know the problematic code has worked for several years and the problems started showing in the last month or so.

修改

回答评论中的问题

• 我无法在本地计算机上复制问题.
• 我有来自IE7和IE9用户的问题报告.但是我不能肯定地说其他版本没有问题，因为可能还没有报告这些问题.
• 有问题的用户的浏览器没有禁用cookie，PHPSESSID cookie被发送到服务器.
• 计算机名称中没有-或_( https://stackoverflow.com/a/306601/534109).
• 使用session_regenerate_id()重新生成会话ID对有问题的用户的结果没有影响.
• 有问题的用户的时区和时间设置与服务器上的设置相同.

• I cannot replicate the problem on a local machine.
• I have reports of problems from users with IE7 and IE9. But I cannot say for certain that there are no problems with the other versions, because it could be that these are simply not reported yet.
• The browser of a user with the problem does not have cookies disabled, the PHPSESSID cookie is sent to the server.
• There are no - or _ in the machine name (https://stackoverflow.com/a/306601/534109).
• Regenerating the session id with session_regenerate_id() has no influence on the result for the users with the problem.
• Timezone and time settings for a user with the problem are the same as on the server.

编辑2

如@ nl-x在注释中所述，数据将存储在第二个请求中.因此，我调整了测试方案，并增加了下一步，以查看会话是否可在后续请求中使用.就是这种情况.在step2.php和step3.php中设置的会话数据在两次请求之间被保存.

As stated by @nl-x in a comment the data gets stored in the second request. So I adapted the test scenario and added another step to see if the sessions works in subsequent requests. And this is the case. Session data set in step2.php and step3.php are saved between requests.

所以现在的问题是，为什么第一个请求的会话数据丢失了，而后续的请求却没有丢失?

So now the question is why does session data for the first request get lost and not for subsequent requests?

推荐答案

我发现遇到问题的用户都安装了Chrome Frame.我通过在本地计算机上安装Chrome框架验证了这一点，在这种情况下，我能够复制问题.

I figured out that the users that were having the problems all had Chrome Frame installed. I verified this by installing Chrome Frame on a local machine, and in this case I was able to replicate the problems.

问题是由我们的服务器已安装Suhosin引起的.启用了以下Suhosin设置:

The problems were caused by the fact that our server has Suhosin installed. The following Suhosin settings were enabled:

suhosin.session.cryptua
suhosin.cookie.cryptua

这意味着用户代理字符串也是用户会话标识的一部分.通常这不是问题，但是对于安装了Chrome框架的用户，第一个请求和后续请求之间的User Agent字符串有所不同.禁用这些Suhosin设置后，再也不会出现问题.

This means that the User Agent string is also a part of the identification of a user's session. Normally this is not a problem, but for users with the Chrome frame installed the User Agent string differs between the first request and the subsequent requests. After disabling these Suhosin settings there were no more problems.

这篇关于为什么PHP不能使用Internet Explorer为特定用户保存会话变量?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！