IP和域创建不同的会话 [英] IP and domain create different session

问题描述

我用用户登录建立了一个网站.现在，由于某种原因，当我从站点的 IP 和站点的域进入时，会创建一个不同的会话.

I've built a website with a user-login. Now, for some reason when I enter from the site's IP and from the site's domain a different session is created.

在网站中，我使用了一个全局参数，名为:ROOT 其中:

In the website I use a global parameter, named: ROOT where:

define("HOST", "localhost/final-project-management-system");
define("ROOT", "http://".HOST."/");

我在网站上提供了很多与ROOT相关的链接.

I give a lot of links related to ROOT in the website.

当我尝试连接到 IP 时，会创建一个初始会话，但是当我移动到涉及 ROOT 的页面时，会创建一个新会话并删除旧会话.

When I try connect to the IP, an initial session is created, but when I move to one of the pages with ROOT involved, a new session is created and the old session is deleted.

有人知道为什么会这样吗?

Does anyone have any idea why this happens ?

谢谢..

推荐答案

PHP 会话基于 cookie 的范围，您描述的行为正是其工作原理.

PHP sessions are based on the scope of cookies, and the behaviour you describe is exactly how this works.

cookie 的范围仅由基于浏览器地址栏中显示的主机名(或 IP)的字符串值定义.仅仅因为主机名解析为特定 IP，并不意味着它们共享 cookie.

The scope of a cookie is defined simply by a string value based on the hostname (or IP) that appears in the address bar of the browser. Just because an hostname resolves to a specific IP, does not mean they share cookies.

如果您考虑一下，那么当您考虑共享托管环境时，将 cookie 范围基于已解析的 IP 地址可能会导致站点之间 cookie 泄漏的重大问题.

If you think about it then basing the cookie scope on the resolved IP address would potentially cause major problems with cookies leaking between sites when you consider shared hosting environments.

为了使这项工作正常进行，用户必须通过 DNS 名称​​或 IP 地址访问该站点，而不是同时通过两者.您可以手动传递会话 ID 来解决此问题，但不建议这样做(至少我不推荐这样做).

In order to have this work correctly, the user will have to access the site via either the DNS name or the IP address, not both. You can pass the session ID manually to work around this, but it doesn't come recommended (not by me, at any rate).

这篇关于IP和域创建不同的会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！