CodeIgniter会话set-cookie重复 - 如何解决 [英] CodeIgniter session set-cookie duplicated -- how to solve
问题描述
UPDATE:
我想知道是否有人可以查看我的答案,看看是否有任何漏洞。
在使用codeingiter和会话时有一个很好的文档:
在总结中,codeigniter每次调用set_userdata时都会设置一个set-cookie。
我发现了一个部分解决方案:
http://ha17.com/1745-bigip-f5-header-max-size-collides-with-codeigniters-bizarre-ession- class /
此解决方案的唯一问题是代码需要随处插入。有一个简单的方法来清除所有的标题?我已经修改了一些代码,以删除php错误,但有一种方法,我可以使用一个钩子或东西?
;?php
class MY_Controller extends CI_Controller
{
public function __construct()
{
parent :: __construct
}
//查看(修改自)http://ha17.com/1745-bigip-f5-header-max-size-collides-with-codeigniters-bizarre- session- class /
protected function _removeDuplicateCookieHeaders()
{
//清除所有设置的cookie ...
$ headers = headers_list();
$ cookies_to_output = array();
$ header_session_cookie ='';
$ session_cookie_name = $ this-> config-> item('sess_cookie_name');
foreach($ headers as $ header)
{
list($ header_type,$ data)= explode(':',$ header,2);
$ header_type = trim($ header_type);
$ data = trim($ data);
if(strtolower($ header_type)=='set-cookie')
{
header_remove('Set-Cookie');
$ cookie_value = current(explode(';',$ data));
list($ key,$ val)= explode('=',$ cookie_value);
$ key = trim($ key);
if($ key == $ session_cookie_name)
{
// OVERWRITE IT(yes!do it!)
$ header_session_cookie = $ data;
continue;
}
else
{
//不是会话相关的cookie,正常添加它。可能是一个CSRF或一些其他cookie我们正在设置
$ cookies_to_output [] = array('header_type'=> $ header_type,'data'=> $ data);
}
}
}
if(!empty($ header_session_cookie))
{
$ cookies_to_output [] = array('header_type '=>'Set-Cookie','data'=> $ header_session_cookie);
}
foreach($ cookies_to_output as $ cookie)
{
header({$ cookie ['header_type']}:{$ cookie ['data' ]},false);
}
}
}
EDIT:如果你使用$ this-> load-> view(),只能使用这个代码。如果你在控制器中使用echo,这会导致在删除标题之前的输出甚至可以被删除。
EDIT需要php 5.3或更高版本。
我找到了一种方式,我认为我帮助别人解决这个问题。
application / hooks / session_cookie_fixer.php
pre><?php
class SessionCookieFixer
{
//查看(修改自)http://ha17.com/1745-bigip-f5 -header-max-size-collides-with-codeigniters-bizarre-session-class /
function removeDuplicateSessionCookieHeaders()
{
$ CI =& get_instance
//清理所有设置的cookie ...
$ headers = headers_list();
$ cookies_to_output = array();
$ header_session_cookie ='';
$ session_cookie_name = $ CI-> config-> item('sess_cookie_name');
foreach($ headers as $ header)
{
list($ header_type,$ data)= explode(':',$ header,2);
$ header_type = trim($ header_type);
$ data = trim($ data);
if(strtolower($ header_type)=='set-cookie')
{
header_remove('Set-Cookie');
$ cookie_value = current(explode(';',$ data));
list($ key,$ val)= explode('=',$ cookie_value);
$ key = trim($ key);
if($ key == $ session_cookie_name)
{
// OVERWRITE IT(yes!do it!)
$ header_session_cookie = $ data;
continue;
}
else
{
//不是会话相关的cookie,正常添加它。可能是一个CSRF或一些其他cookie我们正在设置
$ cookies_to_output [] = array('header_type'=> $ header_type,'data'=> $ data);
}
}
}
if(!empty($ header_session_cookie))
{
$ cookies_to_output [] = array('header_type '=>'Set-Cookie','data'=> $ header_session_cookie);
}
foreach($ cookies_to_output as $ cookie)
{
header({$ cookie ['header_type']}:{$ cookie ['data' ]},false);
}
}
}
?>
application / config / hooks.php
$ hook ['post_controller'] [] = array(
'class'=>'SessionCookieFixer',
'function'=>'removeDuplicateSessionCookieHeaders'
'filename'=>'session_cookie_fixer.php',
'filepath'=>'hooks',
'params'=> array()
);
UPDATE:
I am wondering if anyone can review my answer and see if there are any holes in it.
There is a well documented issue when using codeingiter and sessions at:
Duplicated "set-cookie: ci-session" fields in header by codeigniter
In summary codeigniter does a set-cookie each time set_userdata is called.
I found a partial solution at:
http://ha17.com/1745-bigip-f5-header-max-size-collides-with-codeigniters-bizarre-session-class/
The only problem with this solution is that code needs to be inserted everywhere. Is there a simple way to clear all the headers? I have modified the code a little to remove php errors, but is there a way I can use a hook or something?
<?php
class MY_Controller extends CI_Controller
{
public function __construct()
{
parent:: __construct();
}
//See (modified from) http://ha17.com/1745-bigip-f5-header-max-size-collides-with-codeigniters-bizarre-session-class/
protected function _removeDuplicateCookieHeaders ()
{
// clean up all the cookies that are set...
$headers = headers_list();
$cookies_to_output = array ();
$header_session_cookie = '';
$session_cookie_name = $this->config->item('sess_cookie_name');
foreach ($headers as $header)
{
list ($header_type, $data) = explode (':', $header, 2);
$header_type = trim ($header_type);
$data = trim ($data);
if (strtolower ($header_type) == 'set-cookie')
{
header_remove ('Set-Cookie');
$cookie_value = current(explode (';', $data));
list ($key, $val) = explode ('=', $cookie_value);
$key = trim ($key);
if ($key == $session_cookie_name)
{
// OVERWRITE IT (yes! do it!)
$header_session_cookie = $data;
continue;
}
else
{
// Not a session related cookie, add it as normal. Might be a CSRF or some other cookie we are setting
$cookies_to_output[] = array ('header_type' => $header_type, 'data' => $data);
}
}
}
if ( ! empty ($header_session_cookie))
{
$cookies_to_output[] = array ('header_type' => 'Set-Cookie', 'data' => $header_session_cookie);
}
foreach ($cookies_to_output as $cookie)
{
header ("{$cookie['header_type']}: {$cookie['data']}", false);
}
}
}
EDIT: Only use this code if you are are using $this->load->view(). if you are using echo right in a controller this will cause output before removing the headers can even get deleted.
EDIT requires php 5.3 or newer.
I have found a way that I think I help others with this issue. I haven't test it perfectly yet, but it appears to work.
application/hooks/session_cookie_fixer.php
<?php
class SessionCookieFixer
{
//See (modified from) http://ha17.com/1745-bigip-f5-header-max-size-collides-with-codeigniters-bizarre-session-class/
function removeDuplicateSessionCookieHeaders ()
{
$CI = &get_instance();
// clean up all the cookies that are set...
$headers = headers_list();
$cookies_to_output = array ();
$header_session_cookie = '';
$session_cookie_name = $CI->config->item('sess_cookie_name');
foreach ($headers as $header)
{
list ($header_type, $data) = explode (':', $header, 2);
$header_type = trim ($header_type);
$data = trim ($data);
if (strtolower ($header_type) == 'set-cookie')
{
header_remove ('Set-Cookie');
$cookie_value = current(explode (';', $data));
list ($key, $val) = explode ('=', $cookie_value);
$key = trim ($key);
if ($key == $session_cookie_name)
{
// OVERWRITE IT (yes! do it!)
$header_session_cookie = $data;
continue;
}
else
{
// Not a session related cookie, add it as normal. Might be a CSRF or some other cookie we are setting
$cookies_to_output[] = array ('header_type' => $header_type, 'data' => $data);
}
}
}
if ( ! empty ($header_session_cookie))
{
$cookies_to_output[] = array ('header_type' => 'Set-Cookie', 'data' => $header_session_cookie);
}
foreach ($cookies_to_output as $cookie)
{
header ("{$cookie['header_type']}: {$cookie['data']}", false);
}
}
}
?>
application/config/hooks.php
$hook['post_controller'][] = array(
'class' => 'SessionCookieFixer',
'function' => 'removeDuplicateSessionCookieHeaders',
'filename' => 'session_cookie_fixer.php',
'filepath' => 'hooks',
'params' => array()
);
这篇关于CodeIgniter会话set-cookie重复 - 如何解决的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
