PHP Sessions across sub domains 2


Problem description


This is a complement of PHP Sessions across sub domains
I tried what is indicated on that question, and I see that the issue wasn't given.

So I need to have sessions across sub-domains (www.example.com to forum.example.com)

What I did on www.example.com is

session_name("a_name");
session_set_cookie_params(0, '/', '.example.com');
session_start();

echo session_id();
$_SESSION['test'] = 123;

On forum.example.com

session_name("a_name");
session_set_cookie_params(0, '/', '.example.com');
session_start();

echo session_id();
print_r($_SESSION);

The session_id are exactly the same, but the $_SESSION doesn't output anything.
How to make forum.example.com output 123 ?

I tried session.cookie_domain = .example.com but it doesn't change anything.

When I go on forum.example.com it destroys the www.example.com sessions, and it does the same the other way, as if it detects that it comes from another sub-domain and erases everything for security.

The 2 sub-domains are on the same Debian server

Another thing that I noticed is that without session_name and session_set_cookie_params it still has exactly the same session_id, when I set session.cookie_domain

Thank You

Solution

Ok, I've thought about this for a while and I think I've got it.

First things first: since you are getting the same session id from both servers, we can rule out any cookie-related issues. Clearly, you are successfully creating a cookie named a_name (though I'd recommend only alphanumeric characters for that cookie name) on www.example.com, and successfully reading that a_name cookie on forum.example.com. But, like you said, you aren't getting any data from forum.example.com. The session.cookie_lifetime = 0 is not an issue: that just means that the session cookie remains until the browser is closed.

We should delve into PHP's session handling a bit further. The session id you are reading out with session_id() refers to a file on your server. Typically, that file is present in /tmp/sess_$session_id. The contents of that file are your $_SESSION array, serialized. (Keep in mind that the data is not serialized the same way that serialize() in PHP does... but that's not important right now.)

I think this is a file permission-related issue:

  1. /tmp/sess_$session_id file is set with www.example.com's user and group.
  2. forum.example.com attempts to open /tmp/sess_$session_id, but doesn't have the proper permissions.
  3. As a result, you get an empty result when trying to print_r($_SESSION);

Solution:
Check your server's configuration file to make sure that www.example.com and forum.example.com are running as THE SAME USER AND GROUP. That is critical! For Apache, find your *.conf file:

User youruser
Group yourgroup

For nginx, find nginx.conf:

user youruser yourgroup;

If changing the server config files is not an option, then you should make sure that the users running the two sites are in the same group.

You can verify that this is the problem by first loading www.example.com and then sudo ls -ltc sess_* in your server's shell, via SSH (find the sess_ ending in your $session_id). Next, load forum.example.com and then sudo ls -ltc sess_* again, to see the user and/or group change.
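
The ownership check described in the answer, as an added shell example that is not part of the original answer: it applies the owner/group/other read rule to every sess_* file and reports whether a given site user could open it. It assumes GNU stat (as on Debian); the function names and the user and group names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original answer. Assumes GNU stat (Debian).

# can_read MODE OWNER GROUP USER "USER_GROUPS"
# Succeeds if USER (member of the space-separated USER_GROUPS) may read a
# file with the given owner, group and octal mode. Root is not modelled.
can_read() {
    digits=$(printf '%s' "000$1" | tail -c 3)      # owner/group/other digits
    if [ "$4" = "$2" ]; then
        d=$(printf '%s' "$digits" | cut -c1)       # owner class applies
    elif printf ' %s ' "$5" | grep -qF " $3 "; then
        d=$(printf '%s' "$digits" | cut -c2)       # group class applies
    else
        d=$(printf '%s' "$digits" | cut -c3)       # other class applies
    fi
    [ "$d" -ge 4 ]                                 # read bit has value 4
}

# check_sessions DIR USER "USER_GROUPS"
# Prints one line per sess_* file; returns 1 if USER cannot read any of them.
check_sessions() {
    dir=$1 user=$2 groups=$3 rc=0
    for f in "$dir"/sess_*; do
        [ -f "$f" ] || continue
        read -r owner group mode <<EOF
$(stat -c '%U %G %a' "$f")
EOF
        if can_read "$mode" "$owner" "$group" "$user" "$groups"; then
            verdict=readable
        else
            verdict=DENIED rc=1
        fi
        printf '%s %s:%s %s %s\n' "${f##*/}" "$owner" "$group" "$mode" "$verdict"
    done
    return "$rc"
}

# Usage on the server (forumuser is a placeholder for the forum site's user):
#   check_sessions /tmp forumuser "$(id -Gn forumuser)"
```

PHP's default files handler creates session files with mode 0600, so a user who only shares the owner's group is still reported as DENIED.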
