强制 php 在 url 中传递 SID - 即使浏览器接受 cookie [英] Force php to pass the SID in url - even if cookies are accepted in the browser

问题描述

我正在尝试让 php 通过 url 自动传递会话 ID，即使浏览器接受 cookie.

I'm trying to get php to automatically pass the session ID via url, even if the browser accepts cookies.

我知道 url 会话 ID 通常被认为是一个安全风险，但我有一个非常具体的应用程序，它需要几个单独的用户能够登录到同一个 php 会话，不管他们的浏览器有什么 cookie 设置.分享网址是我的目标，而不是威胁.

I know url session id are normally considered a security risk, but I have a very specific application in mind which requires several separate users to be able to log in to the same php session, despite what cookie settings their browsers have. Sharing the url is my aim here, rather than a threat.

将会有几个用户组"，每个组都应该有一个唯一的共享会话，所以简单地在代码中应用一个固定的会话 ID 是行不通的.我希望群组的所有者"能够发起会话，获取唯一 ID，然后通过 url 将其传递给所有其他用户.

There will be several "groups" of users, each group should have a unique shared session, so simply applying a fixed session id in the code won't work. I want the "owner" of the group to be able to initiate the session, get a unique id, then pass this on to all the other users, via a url.

由于它是一个现有的应用程序，我无法进行会影响其他用户正常会话行为的修改 - 这是针对特定 IP 组中的用户 - 这就是我尝试修改标准会话处理的原因.

As it's an existing application, I can't make modifications that will affect the normal session behaviour for other users - this is for users in a specific group of IPs - which is why i'm trying to modify the standard session handling.

我已经尝试使用 ini_set() 来禁用 session.use_cookie，但这只会阻止会话被记住.

I've tried using ini_set() to disable session.use_cookie, but that simply prevents the session from being remembered at all.

感谢收到任何建议.

推荐答案

您是否尝试启用 session.use_trans_sid ?

Have you try enabling session.use_trans_sid ?

这篇关于强制 php 在 url 中传递 SID - 即使浏览器接受 cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！