Maintaining Session Variables across Subdomains


Problem description

I have been trying to maintain session vars between two subdomains and found it impossible. I ended up creating 2 minimal PHP web pages as a test bed, one I call 'test 1' just sets

$_SESSION['test'] = "Fred";

and has a hyperlink to 'test 2' which simply tries to echo the value of $_SESSION['test'] to prove it's worked, or not. I place 'test 1' in my www domain and 'test 2' in my subdomain. I try various versions of what should go in the header, from various sources. Here are the main 3 (and of course their variants):

ini_set('session.cookie_domain',substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
session_start();

ini_set('session.cookie_domain','mydomain.com');
session_start();

ini_set('session.cookie_domain', PHP_INI_ALL);
session_start();

session_set_cookie_params(0, "/", ".mydomain.com", false);
session_start();

I find that I get an identical result in every case. The session is not carried across the subdomains and page test 2 has no idea what value I set $_SESSION['test'] to. Yet there seems to be plenty of certainty around the 'net that one of the above methods should work. Any idea what could be going on, especially since I am using minimal pages to test the mechanism (no side effects that I can see)? By the way I am on a shared server, if that's pertinent here.

Thank you for your thoughts. Frank.

Edit. I fixed it. The problem was caused by Suhosin. See the detailed answer at the bottom of this page.

Recommended answer

Ok I nailed it and it was a stinker.

Suhosin's suhosin.session.cryptdocroot option was the entire cause of the problem. When the session encryption key is based on the DocRoot it causes the subdomains to fail to see each other's session variables when the base domain and the subdomains are served from different directories. This leads to the session vars on the server being stored in different folders and hence they are not visible to each of the corresponding domains.

Solution. Simply add these 2 lines in your php.ini file:

suhosin.session.cryptdocroot=Off
suhosin.cookie.cryptdocroot=Off

A 48 hour nightmare to track down, 4.8 seconds to fix.
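
An added diagnostic, not part of the original answer: a PHP script that records the session and Suhosin settings each host actually runs with and, given the saved output of both hosts, lists why they cannot share a session. The file name check.php and the function names are assumptions; the directive names are PHP's and Suhosin's own.

```php
<?php
// Added diagnostic, not from the original post. Web mode: serve from each host and save
// the JSON. CLI mode: php check.php www.json sub.json. Delete it afterwards (it leaks paths).

function collect_session_config()
{
    $cfg = array(
        'suhosin_loaded' => extension_loaded('suhosin'),
        'document_root'  => isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '',
    );
    $keys = array('session.cookie_domain', 'session.save_path',
                  'suhosin.session.encrypt', 'suhosin.session.cryptdocroot',
                  'suhosin.cookie.encrypt', 'suhosin.cookie.cryptdocroot');
    foreach ($keys as $k) {
        $v = ini_get($k);                 // false when the directive is not registered
        $cfg[$k] = ($v === false) ? null : $v;
    }
    return $cfg;
}

// php.ini booleans come back as "1"/"" or as the literal word that was set.
function ini_on($v)
{
    return in_array(strtolower((string) $v), array('1', 'on', 'true', 'yes'), true);
}

// Reasons why a session started on host $a cannot be read on host $b.
function explain_mismatch(array $a, array $b)
{
    $why = array();
    if ($a['session.save_path'] !== $b['session.save_path']) {
        $why[] = 'session.save_path differs, so each host reads its own session files';
    }
    if ($a['document_root'] !== $b['document_root']) {
        foreach (array('session', 'cookie') as $scope) {
            if (ini_on($b["suhosin.$scope.encrypt"]) && ini_on($b["suhosin.$scope.cryptdocroot"])) {
                $why[] = "suhosin.$scope.cryptdocroot is On and the document roots differ";
            }
        }
    }
    return $why;
}

if (PHP_SAPI === 'cli' && isset($argv[2])) {
    $a = json_decode(file_get_contents($argv[1]), true);
    $b = json_decode(file_get_contents($argv[2]), true);
    echo implode(PHP_EOL, explain_mismatch($a, $b)), PHP_EOL;
} else {
    header('Content-Type: application/json');
    echo json_encode(collect_session_config());
}
```

The reported session.cookie_domain is the php.ini value; a domain set with ini_set() or session_set_cookie_params() inside the test pages still has to be checked in the Set-Cookie response header.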
