Sessions are not working when the site is called by an iframe

Problem description

I have a first site https://www.mydomain1.com in which I use PHP sessions. No problem, everything works fine, when I go from page to page, I can access my session variables.

I have a second site https://www.mydomain1.com in which I display part of my 1st site via an iframe:

<iframe src = "https://www.mydomain1.com" width = "100%" frameborder = "0" style = "border: 0" allowfullscreen = "allowfullscreen" id = "frameLeonard"> </iframe>

And there strangely, the session variables are no longer recognized. I'm not even trying to get my 1st site to access the session variables from the 2nd site (that's not the goal and it's normal that it doesn't work) but just run the 2nd site inside the 1st site.

Strangely, it was still working a year ago. Has there been any upgrade that would explain the problem?

Thanks in advance for your insight!

Recommended answer

Now I found the reason: Chrome shows this behaviour. With version 80 (Feb. 2020) it has its "SameSite by default cookies" enabled as default, which means that including external pages (different domain) inside an iframe will kill their sessions.

For preventing this, you can disable "SameSite by default cookies" in chrome://flags. Beware: This might be a security issue (but solved my problem for now).

Otherwise - if using PHP 7.3 or newer - you could add one (or both) of the following ini_set() in your PHP before session_start():

ini_set('session.cookie_samesite', 'None');
session_set_cookie_params(['samesite' => 'None']);

Here you get further details: https://blog.heroku.com/chrome-changes-samesite-cookie#prepare-for-chrome-80-updates
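
As an added example (not part of the original answer), a session bootstrap for the framed site that sets SameSite=None together with Secure, which Chrome requires for SameSite=None cookies, and restricts which site may frame the page. The embedding origin is a placeholder assumption, and start_embeddable_session() is a hypothetical helper name.

```php
<?php
// Added example, not code from the original answer.
// ASSUMPTION: placeholder for the origin of the site that embeds this one.
const EMBEDDING_ORIGIN = 'https://embedding-site.example';

// Hypothetical helper: configure the session cookie so it is still sent
// when this site is loaded inside a cross-site iframe.
function start_embeddable_session(): void
{
    if (PHP_VERSION_ID >= 70300) {
        session_set_cookie_params([
            'lifetime' => 0,
            'path'     => '/',
            'secure'   => true,   // Chrome rejects SameSite=None without Secure
            'httponly' => true,   // keep the session id away from page scripts
            'samesite' => 'None', // allow the cookie in third-party contexts
        ]);
    } else {
        // PHP < 7.3 has no samesite option; appending the attribute to the
        // path is a common workaround for older versions.
        session_set_cookie_params(0, '/; SameSite=None', '', true, true);
    }

    // The cookie now travels on cross-site requests, so limit framing to the
    // one intended parent; state-changing requests still need CSRF tokens.
    header("Content-Security-Policy: frame-ancestors 'self' " . EMBEDDING_ORIGIN);

    session_start();
}

start_embeddable_session();

// Session variables now persist from page to page inside the iframe.
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;
echo 'Visits in this session: ', $_SESSION['visits'];
```

The framed site must be served over HTTPS for the Secure cookie to be set at all.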
