PHP:Cookie域/子域控制
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/348282/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP: Cookie domain / subdomain control
提问by Eli
I'm working on a site with multiple subdomains, some of which should get their own session.
我正在一个具有多个子域的站点上工作,其中一些应该有自己的会话。
I think I've got it worked out, but have noticed something about cookie handling that I don't understand. I don't see anything in the docs that explains it, so thought I would see if anyone here has some light to shed on the question.
我想我已经解决了,但注意到一些我不明白的关于 cookie 处理的事情。我在文档中没有看到任何解释它的内容,所以我想我会看看这里是否有人对这个问题有所了解。
If I just do:
如果我只是这样做:
session_start();
I end up with a session cookie like this:
我最终得到了这样的会话 cookie:
subdomain.example.net
子域.example.net
However, if I make any attempt to set the cookie domain myself, either like
但是,如果我尝试自己设置 cookie 域,例如
ini_set('session.cookie_domain', 'subdomain.example.net');
or like
或喜欢
session_set_cookie_params( 0, "/", "subdomain.example.net", false, false);
I end up with a cookie for .subdomain.example.net (note the opening dot), which I believe means "match all subdomains (or in this case sub-subdomains).
我最终得到了 .subdomain.example.net 的 cookie(注意开头的点),我相信这意味着“匹配所有子域(或在这种情况下是子子域)。
This seems to happen with all my cookies actually, not just session. If I set the cookie domain myself, it automatically has the dot prepended, meaning this domain and all subs of it. If I don't set the domain, then it gets it right by using only the current domain.
实际上,这似乎发生在我所有的 cookie 中,而不仅仅是会话。如果我自己设置 cookie 域,它会自动在前面加上点,这意味着这个域和它的所有子域。如果我不设置域,那么它只使用当前域就可以了。
Any idea what causes this, and what I can do to control that prepending dot?
知道是什么原因造成的,我能做些什么来控制那个前置点?
Thanks!
谢谢!
采纳答案by Brian Fisher
PHP's cookie functions automatically prefix the $domain with a dot. If you don't want this behavior you could use the headerfunction. For example:
PHP 的 cookie 函数会自动在 $domain 前面加上一个点。如果您不想要这种行为,您可以使用header函数。例如:
header("Set-Cookie: cookiename=cookievalue; expires=Tue, 06-Jan-2009 23:39:49 GMT; path=/; domain=subdomain.example.net");
回答by Kevin Campion
If you run your PHP script under "http://subdomain.example.net", don't use the domain parameter:
如果您在“ http://subdomain.example.net”下运行 PHP 脚本,请不要使用域参数:
setcookie('cookiename','cookievalue',time()+(3600*24),'/');
You will get a cookie with "subdomain.example.net" (and not ".subdomain.example.net")
你会得到一个带有“subdomain.example.net”(而不是“.subdomain.example.net”)的cookie
回答by stolsvik
If you read all of RFC 6265, you'll realize that the only proper way to have a "host-only" cookie is to NOT set the domain attribute.
如果您阅读了 RFC 6265 的全部内容,您就会意识到拥有“仅限主机”cookie 的唯一正确方法是不设置域属性。
回答by Alex
I realise this is an old question but I was having this problem and none of the answers above quite did it.
我意识到这是一个老问题,但我遇到了这个问题,上面的答案都没有做到。
I wanted to set the session cookie for a subdomain, but also enable httponly and secure.
我想为子域设置会话 cookie,但还要启用 httponly 和安全。
To avoid a leading . infront of the subdomain, Kevin and stolsvik are correct don't set the domain attribute.
为避免领先。在子域前面,Kevin 和 stolsvik 是正确的,不要设置域属性。
So to do this and still be able to set httponly and secure mode, set the domain to NULL as follows:
因此,要做到这一点并且仍然能够设置 httponly 和安全模式,请将域设置为 NULL,如下所示:
session_set_cookie_params(0, '/', NULL, TRUE, TRUE);
You will now have a session cookie, for a specific subdomain (without a leading .) with httponly and secure set to true.
您现在将拥有一个会话 cookie,用于特定子域(没有前导 .),httponly 和 secure 设置为 true。
回答by Luciano Camilo
This may help someone (i spent some hours to figure this out). After make the changes in the source files and before you test it, close your browser to properly destroy PHPSESSIONID in all domains and subdomains.
这可能对某人有所帮助(我花了几个小时来解决这个问题)。在源文件中进行更改之后,在测试之前,请关闭浏览器以正确销毁所有域和子域中的 PHPSESSIONID。
Hope this save some time!
希望这能节省一些时间!
回答by Gendrith
I was having a problem to set cookies on wordpress and this helped me, the domain value was the key to get it working in all the pages
我在 wordpress 上设置 cookie 时遇到问题,这对我有帮助,域值是让它在所有页面中工作的关键
$domain = ($_SERVER['HTTP_HOST'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false;
setcookie("cookie_name", 'cookie_value', 0, '/', $domain);
