CakePHP Cookie/会话问题 [英] CakePHP Cookie/Session problems

问题描述

我的 CakePHP 应用程序有问题.这似乎仅在 IE 中发生，并且仅在某些计算机上发生.不过，它在发生这种情况的计算机上是一致的.

I am having issues with my CakePHP application. This seems to be happenining only in IE, and only on certain computers. It is consistent on the computers where it is happening though.

问题一:用户登录并在页面 https://example.com/users/view 上点击签名出去.用户被重定向到 http://example.com 并且似乎已注销，直到用户访问另一个 https 页面并且他们仍处于登录状态.他们可以根据需要多次单击注销，但他们始终登录 https，只能从 http 注销.

Issue one: User is logged in and on the page https://example.com/users/view and clicks sign out. User is redirected to http://example.com and appears to be logged out until the user visits another https page and they are still logged in. They can click log out as many times as they want but they are always logged in on https and only get logged out on http.

问题二:用户登录 https://example.com/users/signin 他们被重定向到 http://example.com 现在似乎已登录.用户转到 https://example.com/admin/slides 并且还不知道它但现在已注销，单击任何其他页面(或只是刷新他们的当前页面)将要求他们再次登录.

Issue two: User logs in at https://example.com/users/signin they are redirected to http://example.com and now appear to be logged in. User goes to https://example.com/admin/slides and does not know it yet but is now logged out, clicking on any other page (or just refreshing their current page) will ask them to log in again.

我不知道发生了什么.我已经阅读并尝试了针对这些类似问题描述的解决方案:从 ssl 移动到非 ssl 时会话不保存 和 Cookie 不保存在 IE 中更新/覆盖，但我仍然遇到同样的问题.

I have no idea whats going on. I have read and tried the solutions described on both these similar issues: Session not saving when moving from ssl to non-ssl and Cookie not renewing/overwriting in IE but I am still having the same problems.

到目前为止我注意到的唯一线索(我不知道这是否意味着什么)是我调试 $_SESSION 和 $this->Session->read() 在 HTTP 页面上总是只有 $this->Session->read() 返回一个值.在 HTTPS 页面上，有些总是为两者返回相同的值，有些总是只返回 $this->Session->read() 的值.

The only clue I have noticed so far, (and I don't know if this means anything) is when I debug both $_SESSION and $this->Session->read() on HTTP pages ALWAYS only $this->Session->read() returns a value. on HTTPS pages some ALWAYS return the same value for both, others ALWAYS only return a value for $this->Session->read().

例如，http://example.com 和 https://example.com/users 永远不会看到 $_SESSION，https://example.com/carts 总是看到 $_SESSION.我不确定，但我想也许安全页面应该看到它，因为有些不能，也许有什么问题，但是当我检查代码时，我看不出有什么区别可以表明为什么一个人这样做，一个人不这样做'

For example, http://example.com and https://example.com/users never sees $_SESSION, https://example.com/carts always sees $_SESSION. I am not sure but I am thinking that maybe the secure pages are supposed to be seeing it and since some can't maybe something is wrong, however when I inspect the code I see no difference that would suggest why one does and one doesn't.

此外，如果我将 $this->Session->destroy() 添加到 AppController 中的 beforeFilter，那么所有页面甚至 HTTP 都可以看到 $_SESSION.我实际上并没有在我的应用程序中使用 $_SESSION，我只是认为这可能是错误的线索.

Also, if I add $this->Session->destroy() to the beforeFilter in AppController, then all pages even HTTP can see $_SESSION. I am not actually use $_SESSION in my application, I just thought this might be a clue to whats wrong.

更新

我采纳了 Gustav Bertram 的建议并查看了用户代理字符串.我将存在问题的计算机上的用户代理字符串与 IE 与没有问题的计算机上的 IE 进行了比较.它们是相同的，除了有问题的用户代理字符串中有google chrome frame".我从那台电脑上卸载了谷歌浏览器框架，重新启动，再试一次，问题似乎解决了.

I tooked Gustav Bertram's advice and looked at the user agent string. I compared the user agent string with IE on a computer that was having the issue to IE on a computer that was not having the issue. They were the same except the one that was having problems has "google chrome frame" in the user agent string. I uninstalled Google Chrome Frame from that computer, restarted, tried again and the problem seemed to be solved.

如果这是真正的原因，那么简单的解决方案是让用户卸载 Chrome 框架.但是我想知道是否有解决方法可以让他们安装 chrome 框架并且仍然可以工作.

If this is the true cause, then the simple solution would be to make users uninstall Chrome frame. However I wonder if there is a work around that would allow them to have chrome frame installed and still work.

推荐答案

尝试将以下内容添加到您的 core.php 文件中:

Try adding the following to your core.php file:

Configure::write('Session.checkAgent', false);
Configure::write('Session.ini',array('session.cookie_secure' => false, 'session.referer_check' => false));

即使通过 Google Chrome 框架，这些参数也应强制 cookie 保持不变.这将设置 PHP 和 CakePHP 的设置，以允许 cookie 通过 http 和 https 持久化.

These parameters should force the cookie to persist even through Google Chrome Frame. This will set both PHP and CakePHP's settings to allow cookies to persist over http and https.

这篇关于CakePHP Cookie/会话问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！