php 7.3 无法打开隐藏会话(session_id() 设置 id 失败) [英] php 7.3 can not open hidden session (session_id() fails to set id)
问题描述
我有一个 php 应用程序,它打开一个会话并像往常一样将适当的 cookie 发送到浏览器.
I have a php application that opens a session and sends the appropriate cookie to the browser like normal.
我想在脚本的某处关闭当前会话,悄悄在后台打开一个新会话,从这个后台会话"中获取一些值,再次关闭它并恢复主会话(用户获得 cookie 的那个).
Somewhere in the script I want to close the current session, silently open a new one in the background, get some values from this "background session", close it again and resume the main session (the one the user got cookies for).
在具有 PHP 7.0 的 Debian Stretch 中,以下最小示例效果很好,但现在在 PHP 7.3 (Debian Buster) 中,我收到几个警告,并且该示例停止工作.
In Debian Stretch having PHP 7.0 the following minimal example worked like a charm but now in PHP 7.3 (Debian Buster) I get several warnings and the example ceases to work.
预期输出(如在 PHP 7.0 中):
Expected output (as in PHP 7.0):
Main session closed now...<br>
Read data '10' and closed hidden session again...<br>
Main session resumed...<br>
实际输出(如在 PHP 7.3 中):
Actual output (as in PHP 7.3):
Main session closed now...<br>
Warning: session_id(): Cannot change session id when headers already sent
Warning: session_start(): Cannot start session when headers already sent
Read data '' and closed hidden session again...<br>
Warning: session_id(): Cannot change session id when headers already sent
Warning: session_start(): Cannot start session when headers already sent
Main session resumed...<br>
最小(非)工作示例:
$options=array('use_cookies'=>false, 'cache_limiter'=>'');
session_start();
$main_id=session_id();
$_SESSION["value"] = "xxx";
session_write_close();
echo "Main session closed now...<br>\n";
flush();
session_id("IdOfHiddenSession");
session_start($options);
$count=$_SESSION['count']++;
session_write_close();
echo "Read data '$count' and closed hidden session again...<br>\n";
flush();
session_id($main_id);
session_start($options);
echo "Main session resumed...<br>\n";
flush();
我该如何解决这个问题?
推荐答案
解决方案是在脚本启动时禁用 所有会话 的会话 cookie 而不是允许第一个 session_start() 的 cookie
并在随后的 session_start()
调用中禁用它们.
The solution is to disable session cookies for all sessions on script start instead of allowing cookies for the first session_start()
and disabling them for subsequent session_start()
calls.
在这种情况下,您必须自己发送主会话的 cookie!
因此在脚本开始时执行:
So on script start do:
ini_set("session.use_cookies", 0);
ini_set("session.use_only_cookies", 1);
并根据需要自行设置 cookie:
And set the cookie yourself, if needed:
header("Set-Cookie: {$name}={$id}; path=/; secure; HttpOnly; SameSite=Strict");
问题的示例代码因此变为:
The example code of the question thus becomes this:
//do this *only* on script start before headers are sent
if(!headers_sent())
{
session_cache_limiter('');
ini_set("session.use_cookies", 0);
ini_set("session.use_only_cookies", 1);
}
session_start();
$main_id=session_id();
//send cookie
header("Set-Cookie: PHPSESSID={$main_id}; path=/; secure; HttpOnly; SameSite=Strict");
$_SESSION["value"] = "xxx";
session_write_close();
echo "Main session closed now...<br>\n";
flush();
session_id("IdOfHiddenSession");
session_start();
$count=$_SESSION['count']++;
session_write_close();
echo "Read data '$count' and closed hidden session again...<br>\n";
flush();
session_id($main_id);
session_start();
echo "Main session resumed...<br>\n";
flush();
这篇关于php 7.3 无法打开隐藏会话(session_id() 设置 id 失败)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!