
Issues with session_regenerate_id()

I am using Facebook's PHP SDK for validating users to leave comments and it works quite well. Once validated, I store the user information in a session variable, but first call session_regenerate_id() and then reload the page. When the page reloads, the old session data is still available, including the Facebook SDK state variable; however, the session variable I added is not available. The following is a snippet of the code:

session_regenerate_id();
$_SESSION[...] = ...;

header('Location: ...');
die();

If I take out the session_regenerate_id() then everything works perfectly. Any ideas what I am doing wrong?

EDIT

If I log session_id() on every page load, I see that session_regenerate_id() generates a new id and the session contains everything I expect. However, when the page reload occurs, the session id is the previous session id and not the new one, hence I cannot access the new session variables. Why would this happen?

After a lot of logging and scanning the headers being sent and received, I determined that when the initial session was created, the domain used for the cookie was: .domain.com (without the www). However, session_regenerate_id() was setting the domain for the cookie to: www.domain.com. When the browser made a determination of which to send, it always sent the original one, so the session used was always the old one. Once I manually deleted that cookie, everything worked fine.

To ensure this sort of thing doesn't happen again, I added the following before starting my session:

session_set_cookie_params(0, '/', $_SERVER['SERVER_NAME'], true, true);

What is odd is that the .htaccess file enforces www.domain.com for consistency, so I am not sure why the initial cookie's domain was set the way it was.
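An added example, not part of the original post: a simplified JavaScript model of RFC 6265 cookie storage, showing why a regenerated id scoped to www.domain.com does not replace the cookie scoped to .domain.com, and that expiring the stale cookie resolves the conflict. The cookie name PHPSESSID, the ids old-id and new-id, and the server using the first value of a repeated name are assumptions.

```javascript
// Simplified RFC 6265 cookie jar. All values are constructed samples.
class CookieJar {
  constructor() { this.cookies = []; this.clock = 0; }
  // Handle one Set-Cookie. Identity is (name, domain, path), so the same
  // name under a different Domain is stored as a second cookie.
  set(requestHost, { name, value, domain, path = '/', expired = false }) {
    const hostOnly = !domain;
    const dom = (domain || requestHost).replace(/^\./, '').toLowerCase();
    const same = c => c.name === name && c.domain === dom && c.path === path;
    const old = this.cookies.find(same);
    this.cookies = this.cookies.filter(c => !same(c));
    if (expired) return; // an expired Set-Cookie only evicts the match
    const created = old ? old.created : this.clock++;
    this.cookies.push({ name, value, domain: dom, path, hostOnly, created });
  }

  // Cookie header for a request to `host`: every matching cookie is sent,
  // longest path first, then earliest creation time first.
  header(host) {
    const h = host.toLowerCase();
    return this.cookies
      .filter(c => h === c.domain || (!c.hostOnly && h.endsWith('.' + c.domain)))
      .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
      .map(c => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// Assumption: the server uses the first value when a cookie name repeats.
function sessionIdSeen(header, name = 'PHPSESSID') {
  for (const pair of header.split('; ')) {
    const eq = pair.indexOf('=');
    if (eq > 0 && pair.slice(0, eq) === name) return pair.slice(eq + 1);
  }
  return null;
}

// Replay the sequence from the post, optionally expiring the stale cookie.
function replay(expireStale) {
  const jar = new CookieJar();
  const host = 'www.domain.com';
  jar.set(host, { name: 'PHPSESSID', value: 'old-id', domain: '.domain.com' });
  jar.set(host, { name: 'PHPSESSID', value: 'new-id', domain: host });
  if (expireStale) {
    jar.set(host, { name: 'PHPSESSID', value: '', domain: '.domain.com', expired: true });
  }
  const header = jar.header(host);
  return { header, seen: sessionIdSeen(header) };
}
```

Calling replay(false) reproduces the symptom (two PHPSESSID values in one header, old id first); replay(true) leaves only the regenerated id.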
