CakePHP keep session from main domain across to a subdomain

Problem description

I am working with CakePHP and I have an issue maintaining session across subdomains. My problem is as follows:

  • Users log in on 'localhost/login'
  • If authenticated they are redirected to 'customer.localhost/home'.

Currently Cake is creating a cookie for each domain, i.e. localhost and customer.localhost. This means that I cannot keep the session working for the user. Is there a way to make all cookies domain fixed to the parent domain with the goal of keeping the session working across subdomains?

I have tried entering this in my bootstrap but it has no effect: ini_set('session.cookie_domain', '.localhost');

If you think this cannot be done please feel free to let me know so that I can move on from this frustrating problem.

Many thanks,

kSeudo

Solution

Sessions (CakePHP 2.x):

To make the session cookie valid for all your subdomains and the top level domain, you actually need to set it yourself in your APP/config/bootstrap.php file:

ini_set('session.cookie_domain', '.domain.com');

Then, in your APP/config/core.php file, set Security to low:

Configure::write('Security.level', 'low');

"otherwise the referer_check will be set to the current HTTP_HOST in the CakeSession object line 441."

Sessions (CakePHP 3.x)

The session cookie path defaults to app’s base path. To change this you can use the session.cookie_path ini value. For example if you want your session to persist across all subdomains you can do:

Configure::write('Session', [
    'defaults' => 'php',
    'ini' => [
        'session.cookie_path' => '/',
        'session.cookie_domain' => '.yourdomain.com'
    ]
]);



Cookies (CakePHP 2.x):

On this page it explains that you can use the 'domain' variable:

The domain name allowed to access the cookie. e.g. Use ‘.yourdomain.com’ to allow access from all your subdomains.

Per their example code:

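<?php
// Fragment from inside a controller class: the property and callback are shown without the class wrapper.
public $components = array('Cookie');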
public function beforeFilter() {
    parent::beforeFilter();
    $this->Cookie->name = 'baker_id';
    $this->Cookie->time =  3600;  // or '1 hour'
    $this->Cookie->path = '/bakers/preferences/';
    $this->Cookie->domain = 'example.com';
    $this->Cookie->secure = true;  // i.e. only sent if using secure HTTPS
    $this->Cookie->key = 'qSI232qs*&sXOw!';
    $this->Cookie->httpOnly = true;
}

Cookies (CakePHP 3.x):

Read here.

The domain that the cookie is available. To make the cookie available on all subdomains of example.com set domain to ‘.example.com’.
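
An added example (not part of the original answer or of CakePHP) that models the browser's cookie scoping rules from RFC 6265 to show what the `session.cookie_domain` change does: without a Domain attribute the session cookie is host-only, and with `.domain.com` it is sent to every subdomain, so each of them has to be trusted with the session ID. The host names are constructed, and the public-suffix check that real browsers also apply is left out.

```javascript
// Added example: simplified model of RFC 6265 cookie scoping (no public-suffix check).

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  // Suffix matching applies to host names only, never to IP addresses.
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// How a browser stores a cookie received from `setByHost`.
// Returns null when the cookie is rejected.
function storeCookie(setByHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, exact host match required.
    return { domain: setByHost.toLowerCase(), hostOnly: true };
  }
  // Section 5.2.3: a leading dot in the attribute value is ignored.
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // Section 5.3: the setting host must itself domain-match the attribute.
  if (!domainMatch(setByHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Constructed host names used for the demonstration.
const HOSTS = ["domain.com", "customer.domain.com", "blog.domain.com", "notdomain.com"];

function recipients(setByHost, domainAttr) {
  const cookie = storeCookie(setByHost, domainAttr);
  return HOSTS.filter((h) => isSentTo(cookie, h));
}

// Default behaviour: only the host that set the cookie gets it back.
console.log(recipients("domain.com", undefined));
// With session.cookie_domain = '.domain.com': every subdomain receives it.
console.log(recipients("domain.com", ".domain.com"));
```
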
