php 7.3 无法打开隐藏会话(session_id() 设置 id 失败) [英] php 7.3 can not open hidden session (session_id() fails to set id)

问题描述

我有一个 php 应用程序，它打开一个会话并像往常一样将适当的 cookie 发送到浏览器.

I have a php application that opens a session and sends the appropriate cookie to the browser like normal.

我想在脚本的某处关闭当前会话，悄悄在后台打开一个新会话，从这个后台会话"中获取一些值，再次关闭它并恢复主会话(用户获得 cookie 的那个).

Somewhere in the script I want to close the current session, silently open a new one in the background, get some values from this "background session", close it again and resume the main session (the one the user got cookies for).

在具有 PHP 7.0 的 Debian Stretch 中，以下最小示例效果很好，但现在在 PHP 7.3 (Debian Buster) 中，我收到几个警告，并且该示例停止工作.

In Debian Stretch having PHP 7.0 the following minimal example worked like a charm but now in PHP 7.3 (Debian Buster) I get several warnings and the example ceases to work.

预期输出(如在 PHP 7.0 中):

Expected output (as in PHP 7.0):

Main session closed now...<br>
Read data '10' and closed hidden session again...<br>
Main session resumed...<br>

实际输出(如在 PHP 7.3 中):

Actual output (as in PHP 7.3):

Main session closed now...<br>
Warning: session_id(): Cannot change session id when headers already sent
Warning: session_start(): Cannot start session when headers already sent
Read data '' and closed hidden session again...<br>
Warning: session_id(): Cannot change session id when headers already sent
Warning: session_start(): Cannot start session when headers already sent
Main session resumed...<br>

最小(非)工作示例:

$options=array('use_cookies'=>false, 'cache_limiter'=>'');
session_start();
$main_id=session_id();
$_SESSION["value"] = "xxx";
session_write_close();
echo "Main session closed now...<br>\n";
flush();

session_id("IdOfHiddenSession");
session_start($options);
$count=$_SESSION['count']++;
session_write_close();
echo "Read data '$count' and closed hidden session again...<br>\n";
flush();

session_id($main_id);
session_start($options);
echo "Main session resumed...<br>\n";
flush();

我该如何解决这个问题?

推荐答案

解决方案是在脚本启动时禁用 所有会话 的会话 cookie 而不是允许第一个 session_start() 的 cookie 并在随后的 session_start() 调用中禁用它们.

The solution is to disable session cookies for all sessions on script start instead of allowing cookies for the first session_start() and disabling them for subsequent session_start() calls.

在这种情况下，您必须自己发送主会话的 cookie！

因此在脚本开始时执行:

So on script start do:

ini_set("session.use_cookies", 0);
ini_set("session.use_only_cookies", 1);

并根据需要自行设置 cookie:

And set the cookie yourself, if needed:

header("Set-Cookie: {$name}={$id}; path=/; secure; HttpOnly; SameSite=Strict");

问题的示例代码因此变为:

The example code of the question thus becomes this:

//do this *only* on script start before headers are sent
if(!headers_sent())
{
    session_cache_limiter('');
    ini_set("session.use_cookies", 0);
    ini_set("session.use_only_cookies", 1);
}

session_start();
$main_id=session_id();
//send cookie
header("Set-Cookie: PHPSESSID={$main_id}; path=/; secure; HttpOnly; SameSite=Strict");
$_SESSION["value"] = "xxx";
session_write_close();
echo "Main session closed now...<br>\n";
flush();

session_id("IdOfHiddenSession");
session_start();
$count=$_SESSION['count']++;
session_write_close();
echo "Read data '$count' and closed hidden session again...<br>\n";
flush();

session_id($main_id);
session_start();
echo "Main session resumed...<br>\n";
flush();

这篇关于php 7.3 无法打开隐藏会话(session_id() 设置 id 失败)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！