允许 php 会话转移到子域
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/644920/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Allow php sessions to carry over to subdomains
提问by Anthony
I use php sessions (not cookies, except for session id cookie) for all user data, and when a user goes to their profile user.mydomain.com they are immediately "logged out" untill then remove the subdomain.
我对所有用户数据使用 php 会话(不是 cookie,会话 id cookie 除外),当用户访问他们的个人资料 user.mydomain.com 时,他们会立即“注销”,直到删除子域。
Is there a way to accept sessions from all domains as long as its *.mydomain.com
有没有办法接受来自所有域的会话,只要它的 *.mydomain.com
回答by CTT
Here are 4 options.
这里有 4 个选项。
Place this in your php.ini:
把它放在你的 php.ini 中:
session.cookie_domain = ".example.com"
Or in your .htaccess:
或者在您的 .htaccess 中:
php_value session.cookie_domain .example.com
Or as the first thing in your script:
或者作为脚本中的第一件事:
ini_set('session.cookie_domain', '.example.com' );
Or in your php-fpm pool configuration for your site:
或者在您站点的 php-fpm 池配置中:
php_value[session.cookie_domain] = .example.com
回答by sucitivel
if(isset($_COOKIE['session_id']))
session_id($_COOKIE['session_id']);
Zend_Session::start(); //or session_start();
if(!isset($_COOKIE['session_id']))
setcookie('session_id', session_id(), 0, '/', '.yourdomain.com');
security be damned, if you are as frustrated with incomplete or bad answers as I am, this is your savior. It just works.
该死的安全性,如果您像我一样对不完整或错误的答案感到沮丧,那么这就是您的救星。它只是有效。
回答by karthikeyan ganesan
change the session name at the top of the core functions file like
更改核心功能文件顶部的会话名称,例如
session_name('mysession');
then use the following code into the php page
然后在php页面中使用以下代码
session_set_cookie_params(0,"/",".example.com",FALSE,FALSE);
setcookie(session_name(), session_id(),0,"/","example.com");
session_start();
finally change the default session name of the subdomain and remove the default cookie in subdomain's core functions file like:
最后更改子域的默认会话名称并删除子域核心功能文件中的默认 cookie,例如:
/*default session name*/
session_name("mysession");
/*remove the PHPSESSID and default session name from subdomain's cookie*/
setcookie( "mysession", "",1,"/" );
setcookie( "PHPSESSID", "",1,"/" );
if you continue with using your cookie name as PHPSESSID ,just remove all the functions with
如果您继续使用您的 cookie 名称作为 PHPSESSID ,只需删除所有功能
"mysession" string like session_name('mysession'), setcookie( "mysession", "",1,"/" );
then check your browser's existing cookies, just remove all the cookies of domain and subdomain, and repeat the process.
然后检查浏览器现有的 cookie,只需删除域和子域的所有 cookie,并重复该过程。
回答by joeldixon66
I know this is quite old - but to further expand on @CTT's suggestion - I needed to add a php.ini file in each sub-directory (that will be executing php code and requires the session) of my subdomain with the following text:
我知道这已经很老了 - 但为了进一步扩展@CTT 的建议 - 我需要在我的子域的每个子目录(将执行 php 代码并需要会话)中添加一个 php.ini 文件,并使用以下文本:
suhosin.session.cryptdocroot=Off
suhosin.cookie.cryptdocroot=Off
I hope this helps (it took me ages to figure this out).
我希望这会有所帮助(我花了很长时间才弄清楚这一点)。
回答by Laurent Duvergé
Another option that worked for me: is to force the name of the session:
另一个对我有用的选项:是强制会话名称:
session_name("myWebsite");
session_start();
回答by Wikum Ekanayake
yes. ini_setis working. but remember to destroy all caches and cookies of the browser to see it works.
是的。ini_set正在工作。但请记住销毁浏览器的所有缓存和 cookie 以查看它是否有效。
- destroy all caches and cookies of your browser
in your
xxx.example.comandyyy.example.com, your php files should start like this.ini_set('session.cookie_domain', '.example.com' ); session_start();
- 销毁浏览器的所有缓存和 cookie
在您的
xxx.example.comand 中yyy.example.com,您的 php 文件应该像这样开始。ini_set('session.cookie_domain', '.example.com' ); session_start();
回答by abrar
Try This:
尝试这个:
session_start();
$sessionId = session_id();
logged the user. When user will switch to other subdomain sent the session id in the URL like this user.mydomain.com/?id=$sessionId
登录用户。当用户切换到其他子域时,像这样在 URL 中发送会话 IDuser.mydomain.com/?id=$sessionId
$sessionId = $_GET['id'];
session_start($sessionId);
Now the user will get all the session values and stay logged in.
现在用户将获得所有会话值并保持登录状态。
回答by Mike
I just had this problem and it turns out I was using different php.ini files for two different sub-domains. These ini files specified different session.save_pathvariables. For obvious reasons this needs to be the same for all sub-domains that need to share sessions.
我刚刚遇到了这个问题,结果我对两个不同的子域使用了不同的 php.ini 文件。这些 ini 文件指定了不同的session.save_path变量。出于显而易见的原因,这对于需要共享会话的所有子域都必须相同。
回答by user1966103
if(isset($_COOKIE['session_id']))
session_id($_COOKIE['session_id']);
Zend_Session::start(); //or session_start();
if(!isset($_COOKIE['session_id']))
setcookie('session_id', session_id(), 0, '/', '.yourdomain.com');
This is a good solution, but you cannot use it in all situations. For examples it will not work when you cannot rely on not-session cookies.
这是一个很好的解决方案,但您不能在所有情况下都使用它。例如,当您不能依赖非会话 cookie 时,它将不起作用。
This actually MUST work if you use it correctly.
如果您正确使用它,这实际上必须起作用。
ini_set('session.cookie_domain', '.example.com' );
For example you need to put it before session_start()and also in all files that call session_start()
例如,您需要将它放在之前session_start()和所有调用的文件中session_start()
