跨子域的PHP会话2 [英] PHP Sessions across sub domains 2
问题描述
这是跨子网域的PHP会话的补充
$ b
因此,我需要在子域之间建立会话( www.example.com
至 forum.example.com
)
我在 www.example.com
上做的是
session_name 一个名字);
session_set_cookie_params(0,'/','.example.com');
session_start();
echo session_id();
$ _SESSION ['test'] = 123;
在 forum.example.com
p>
session_name(a_name);
session_set_cookie_params(0,'/','.example.com');
session_start();
echo session_id();
print_r($ _ SESSION);
session_id完全相同,但$ _SESSION不输出任何内容。
如何使 forum.example.com
输出 123
?
我试过 session.cookie_domain = .example.com
但不改变任何东西。
我继续使用 forum.example.com
,它会销毁 www.example.com
会话,
这两个子域位于同一个Debian服务器上
我注意到的另一件事是,没有 session_name
和 session_set_cookie_params
它仍然有完全相同的session_id,当我设置 session.cookie_domain
谢谢
好吧,我想了一会儿,我想我已经有了。
首先:由于您从两个服务器获取相同会话ID,因此我们可以排除任何与Cookie相关的问题。显然,您正在成功创建名为 a_name
的Cookie(但我会仅推荐该Cookie名称的字母数字字符) www.example.com
,并成功读取 a_name
cookie
forum.example.com
。但是,正如你所说,你没有从 forum.example.com
获取任何数据。 session.cookie_lifetime = 0
不是一个问题:这只是指会话cookie一直保持到浏览器关闭。
我们应该深入PHP的会话处理更进一步。您使用 session_id()
读取的会话ID是指服务器上的一个文件。通常,该文件存在于 / tmp / sess_ $ session_id
中。该文件的内容是您的 $ _ SESSION
数组,序列化。 (请注意,数据为未序列化同样的方式在PHP中 serialize()
...但是现在不重要了。)
我认为这是一个文件权限相关的问题:
-
/ tmp / sess_ $ session_id
的用户和组。
- 因此,当尝试
print_r($ _ SESSION);
> <$>
forum.example.com
尝试打开 / tmp / sess_ $ session_id
,但没有正确的权限 解决方案:
检查服务器的配置文件,确保 www.example .com
和 forum.example.com
作为同一用户和组运行。这是至关重要的!对于Apache,找到您的* .conf文件:
用户youruser
将您的组分组
对于nginx,请查找nginx.conf:
user youruser yourgroup;
如果更改服务器配置文件不是一个选项,那么您应该确保运行两个网站在同一组。
您可以先载入 www.example.com
,然后再载入<$ c $来验证问题通过SSH(找到 $ session_id中的
)。接下来,再次加载 sess _
),在您的服务器shell中输入c:sudo ls -ltc sess _ * forum.example.com
,然后加载 sudo ls -ltc sess _ *
,查看用户和/或群组变更。
This is a complement of PHP Sessions across sub domains
I tried what is indicated on that question, and I see that the issue wasn't given.
So I need to have sessions across sub-domains (www.example.com
to forum.example.com
)
What I did on www.example.com
is
session_name("a_name");
session_set_cookie_params(0, '/', '.example.com');
session_start();
echo session_id();
$_SESSION['test'] = 123;
On forum.example.com
session_name("a_name");
session_set_cookie_params(0, '/', '.example.com');
session_start();
echo session_id();
print_r($_SESSION);
The session_id are exactly the same, but the $_SESSION doesn't output anything.
How to make forum.example.com
output 123
?
I tried session.cookie_domain = .example.com
but doesn't change anything
When I go on forum.example.com
it destroys the www.example.com
sessions, and it does the same on the other way, like if it detects that it comes from another sub-domain and erases everything for security.
The 2 sub-domains are on the same Debian server
Another thing that I noticed is that without session_name
and session_set_cookie_params
it still has exactly the same session_id, when I set session.cookie_domain
Thank You
Ok, I've thought about this for a while and I think I've got it.
First things first: since you are getting the same session id from both servers, we can rule out any cookie-related issues. Clearly, you are successfully creating a cookie named a_name
(though I'd recommend only alphanumeric characters for that cookie name) on www.example.com
, and successfully reading that a_name
cookie on forum.example.com
. But, like you said, you aren't getting any data from forum.example.com
. The session.cookie_lifetime = 0
is not an issue: that just means that the session cookie remains until the browser is closed.
We should delve into PHP's session handling a bit further. The session id you are reading out with session_id()
refers to a file on your server. Typically, that file is present in /tmp/sess_$session_id
. The contents of that file are your $_SESSION
array, serialized. (Keep in mind that the data is not serialized the same way that serialize()
in PHP does... but that's not important right now.).
I think this is a file permission-related issue:
/tmp/sess_$session_id
file is set withwww.example.com
's user and group.forum.example.com
attempts to open/tmp/sess_$session_id
, but doesn't have the proper permissions.- As a result, you get an empty result when trying to
print_r($_SESSION);
Solution:
Check your server's configuration file to make sure that www.example.com
and forum.example.com
are running as THE SAME USER AND GROUP. That is critical! For Apache, find your *.conf file:
User youruser
Group yourgroup
For nginx, find nginx.conf:
user youruser yourgroup;
If changing the server config files is not an option, then you should make sure that the users running the two sites are in the same group.
You can verify that this is the problem by first loading www.example.com
and then sudo ls -ltc sess_*
in your server's shell, via SSH (find the sess_
ending in your $session_id
). Next, load forum.example.com
and then sudo ls -ltc sess_*
again, to see the user and/or group change.
这篇关于跨子域的PHP会话2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!