CakePHP 会话更新但 cookie 过期没有 [英] CakePHP Session updates but cookie expiry doesn't
问题描述
简短问题:
当我的会话的过期时间在服务器上更新时,为什么我的会话 cookie 的过期时间没有在浏览器中更新?
Why doesn't my session cookie's expiry time get updated in the browser when my session's expirty time is updated on the server?
长问题:
几周前我发布了一个关于此的类似问题,但我没有没有当时的所有事实.我现在有更多细节,问题的性质已经改变,所以我将其作为一个新问题发布.
I posted a similar question about this a few weeks ago but I didn't have all of the facts at the time. I now have more detail and the nature of the question has changed so I'm posting it as a new question.
首先,在 CakePHP 2 中,我已经为会话设置了 APP/Config/core.php :
First of all, in CakePHP 2, I've set up APP/Config/core.php with the following for the session:
Configure::write('Session', array(
'defaults' => 'database',
'cookie' => 'mycookie',
'timeout' => 1 // 1 minute - just for testing
));
因此,我在我的应用程序中加载了一个页面,该页面在数据库中创建了会话.到目前为止一切都很好.
So, I load a page which in my app which creates the session in the database. All good so far.
会话被标记为在 1341288066 到期,即 Tue, 03 Jul 2012 04:01:06 GMT.同样,这很棒,因为那是从现在开始的 1 分钟.正是我想要的.
The session is stamped to expire at 1341288066 which is equal to Tue, 03 Jul 2012 04:01:06 GMT. Again, this is great because that's 1 minute from now. Exactly what I wanted.
如果我查看 Firefox 的 cookie 屏幕,我会像预期的那样找到 cookie:
If I look in Firefox's cookie screen, I find the cookie just as I would have expected it:
Name: mycookie
Content: aqm0gkmjfsuqje019at8cgsrv3
Host: localhost
Path: /
Send for: Any type of connection
Expires: Tue 03 Jul 2012 11:01:06 AM ICT // (04:01:06 GMT)
现在,在这个 1 分钟的窗口内,我返回到我的应用程序并刷新页面.然后,我检查会话以查看它是否已更新.它针对会话 ID aqm0gkmjfsuqje019at8cgsrv3 显示 1341288122,它等于 Tue, 03 Jul 2012 04:02:02 GMT,这又是什么我期望.会话的到期时间已更新为从我上次重新加载页面时算起的 1 分钟.
Now, within this 1-minute window, I go back to my app and refresh the page. Then, I check the session to see if it's updated. It shows 1341288122 against the session id aqm0gkmjfsuqje019at8cgsrv3 which is equal to Tue, 03 Jul 2012 04:02:02 GMT which, again, is what I expected. The expiry of the session has been updated to be 1 minute from when I last reloaded the page.
遗憾的是,浏览器中的 cookie 仍设置为 Expires: Tue 03 Jul 2012 11:01:06 AM ICT(即:04:01:06 GMT) 而这正是它的作用,这意味着下次我按下刷新时,Cake 会生成一个全新的会话 ID,即使旧的会话 ID 在技术上仍然有效.
Unfortunately, the cookie in the browser is still set to Expires: Tue 03 Jul 2012 11:01:06 AM ICT (ie: 04:01:06 GMT) and that's exactly what it does, meaning that the next time I press refresh, Cake generates a brand new session ID even though the old one is still technically valid.
我的问题基本上是这里发生了什么?为什么 cookie 没有在浏览器中更新为新的到期日期?
My question is basically what is going on here? Why doesn't the cookie get updated with the new expiry date in the browser?
推荐答案
您发现的问题确实出乎意料,并结束了应该保持活力的会话.
The issue you have spotted is indeed unexpected and ends sessions where they should stay alive.
这是 CakePHP 使用 PHP 的 Session 函数的结果.有一个条目(#3047) 在 CakePHP bugtracker 中,Mark Story(CakePHP 开发人员)同意这应该被修复
This is the result of how CakePHP uses the Session functions of PHP. There is an entry (#3047) in the CakePHP bugtracker, where Mark Story (CakePHP developer) agrees this should be fixed
我同意 cookie 应该与存储在会话中的会话时间一起更新.然而,PHP 的会话处理内部特性并不是这样工作的.似乎有几种不同的方法可以解决此问题.
I can agree that the cookies should be updated alongside the session times stored in the session. However, that's not how PHP's internal features for session handling work. There seem to be a few different ways to workaround this issue.
由于这会改变当前的行为(不管它可能有多奇怪),但修复被推迟到 2.3 版.
As this will change the current behavior (however weird it may be), the fix is postponed to version 2.3, though.
我认为在 PHP 之外管理 cookie 状态将是最合适的解决方案.不过,我不知道对现有应用程序进行更改的安全性如何.改变会话的工作方式可能会发生巨大的变化,并且允许用户在日志中停留更长时间可能不是所有开发人员所期望的.
I think managing the cookie state outside of PHP is going to be the most appropriate solution. I don't know how safe of a change this is for existing applications though. Changing how sessions works can be dramatic change and allowing users to stay logge din much longer might not be what all developers are expecting.
这篇关于CakePHP 会话更新但 cookie 过期没有的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
