PHP session.cookie_secure:设置为 true 时禁用会话 [英] PHP session.cookie_secure: Disables sessions when set to true

问题描述

当我设置以下配置时:

ini_set("session.cookie_secure", 1);

我的整个应用程序的会话都被禁用，我无法再写入或读取会话变量.

My whole application's session disables and I can no longer write to or read from session variables.

$sessionName = "us";
session_name($sessionName);
ini_set('session.cookie_httponly', 1);
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.hash_function', 'whirlpool');
ini_set('session.use_only_cookies', 1);
// ini_set('session.cookie_secure', 1);
session_start();
session_regenerate_id();

此配置是否与 session.cookie_secure 兼容?PHP 手册似乎没有解释所有这些配置.手册

Is this config compatible with session.cookie_secure? PHP Manual doesn't seem to have explanation of all these configs. Manual

推荐答案

session.cookie_secure 指定 cookie 是否应仅通过安全连接 (HTTPS) 发送.如果您使用 HTTP，则不会从服务器获得任何 cookie.这就是您没有会话的原因.

session.cookie_secure specifies whether cookies should only be sent over secure connections (HTTPS). If you're using HTTP, you won't get any cookies from the server. That's why you don't have a session.

我应该更准确.您获得了 cookie，但您的浏览器不会将它们发送到服务器，因为您没有使用安全连接.

edit: I should be more accurate. You get the cookies, but your browser doesn't send them to the server, because you're not using a secure connection.

这篇关于PHP session.cookie_secure:设置为 true 时禁用会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！