PHP/Drupal，会话存储和加密 [英] PHP / Drupal, Session Storage and encryption

问题描述

我们在许多站点上使用Drupal.在除一台服务器上的所有服务器上，会话表中的数据显示为序列化字符串.这是正常行为AFAIK.

We're using Drupal on a number of sites. On all but one server, the data in the sessions table appears as a serialised string. This is normal behaviour AFAIK.

在异常服务器上，会话数据的存储方式如下，

On the exception server, the session data is stored looking like,

_C0c5x_xpVKkya5nD68ChpaKaHYNzWTlEN52gOCkH1fIAvj3ziCydGnNbLXTO75q_pYLhumOYHzxD1D
_ue5tRgeeQR4YUIDWtAZ2hxlJ7QUHS-KvUnYb5tHMFUCpFuGMY4brDUfOwlUScSgC1cVvuT51cm62bD
jmU1XBvVAtZAfNrHpwgcy_-YE9a9ViXd4Jdzy7yzYo8ZGXoh0_p-xs3vfuQnsiCe3KkH89q_YiZwux8

(只有一行，而且比这更长)

(all one line, and very much longer than this)

这是PHP的session.serialize_handler配置设置的结果吗?

Is it the result of PHP's session.serialize_handler configuration seting?

这是什么?如何禁用它?

What's this? How can it be disabled?

这是来自站点A的示例会话条目-这就是我想要看到的内容:

Here's an example session entry from site A - this is what I'd like to see:

captcha|a:1:{s:12:"comment_form";a:3:{s:32:"5ce32afb28f38e2ec854eb2f9340e2e5";b:1;s:7:"success";b:0;s:32:"ba52f551aa38e84111938ef9fc2111e4";b:1;}}

这是来自站点B的一个，带有已编码"会话数据:

And here's one from site B, with the "encoded" session data:

tYeyamtSbI6U_Z5a0DXCwL1pwoY5DUBDNOTDjyftul9Z4TLMMDdVr_8HxPWTleQ8wrTIEPyRAdxb6Ukz69tSEQ..

编码值始终以句点结尾.

The encoded values always end with a period.

推荐答案

原因是Suhosin的透明会话加密.

The cause was Suhosin's transparent session encryption.

php.net(在session_set_save_handler()上)和 hardened-php.net(在suhosin配置上)

这篇关于PHP/Drupal，会话存储和加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！