如何在同一浏览器中维护两个PHPSESSID Cookie,一个用于https,另一个用于HTTP
[英]How to maintain two PHPSESSID cookie one for https and other for http in same browser
问题描述
I am having a web application which sets session cookie PHPSESSID with flag HttpOnly, path and secure. 
我有一个Web应用程序,它使用标志HttpOnly,路径和安全性来设置会话cookie PHPSESSID。 Secure is set only when https url is accessed. 仅在访问https URL时设置安全。
If cookie is set by http request , same is getting shared for https and vice versa. 如果cookie是由http request设置的,则HTTP也会共享它,反之亦然。 How to maintain two different sessions one for http and other for https in same browser with same cookie name PHPSESSID. 如何在具有相同Cookie名称PHPSESSID的同一浏览器中维护两个不同的会话,一个用于HTTP,另一个用于https。
1 个解决方案
解决方案1
0 2018-04-07 19:55:24
There is no way to set 2 cookies with the same name for a Host. 无法为主机设置两个具有相同名称的cookie。 Cookies are associated with a host or domain, and the protocol is not taken into consideration. Cookies与主机或域相关联,并且不考虑该协议。
If you truly want to have separate session storage you would need to manually set at least one of the sessions to have a different name via session_name . 如果您确实希望拥有单独的会话存储,则需要通过session_name手动将至少一个会话设置为具有不同的名称。
As for the HttpOnly flag, that is a semaphore for the browser, and has no active serverside behavior associated with it. 至于HttpOnly标志,它是浏览器的信号量,并且没有与之关联的活动服务器端行为。 In other words, the flag may or may not be honored by the server. 换句话说,服务器可能会接受也可能不会接受该标志。
A much more meaningful setting in this area is session.cookie_secure, where the server won't send a cookie over http at all, however, that should not be interpreted to mean it won't read a cookie. 这方面的一个更有意义的设置是session.cookie_secure,服务器完全不会通过http发送cookie,但是,这不应解释为意味着它不会读取cookie。 If a cookie gets set in the browser, and the browser makes a subsequent request to that host or domain (if using a domain cookie) then the browser is gong to include the cookie data in the request. 如果在浏览器中设置了cookie,并且浏览器向该主机或域发出了后续请求(如果使用域cookie),则浏览器会发出锣声,将cookie数据包括在请求中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.