php 在 websocket 握手时使用会话数据
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22285299/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Use session data on websocket handshake
提问by php_nub_qq
If a logged in user navigates to a certain area of the site which is to use WebSockets, How can I grab that session Id so I can identify him on the server?
如果登录用户导航到要使用 WebSockets 的站点的某个区域,我如何获取该会话 ID,以便我可以在服务器上识别他?
My server is basically an endless while loop which holds information about all connected users and stuff, so in order to grab that id I figured the only suitable moment is at the handshake, but unfortunately the handshake's request headers contain no cookie data:
我的服务器基本上是一个无休止的 while 循环,它保存有关所有已连接用户和内容的信息,因此为了获取该 ID,我认为唯一合适的时刻是握手,但不幸的是,握手的请求标头不包含 cookie 数据:
Request Headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5
Cache-Control: no-cache
Connection: keep-alive, Upgrade
DNT: 1
Host: 192.168.1.2:9300
Origin:http://localhost
Pragma: no-cache
Sec-WebSocket-Key: 5C7zarsxeh1kdcAIdjQezg==
Sec-WebSocket-Version: 13
Upgrade: websocket
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0
请求头
Accept: text/html,application/xhtml+xml,application/xml;q=0.9, /;q=0.8
Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5
Cache-Control: no -cache
Connection: keep-alive, Upgrade
DNT: 1
Host: 192.168.1.2:9300
Origin:http://localhost
Pragma: no-cache
Sec-WebSocket-Key: 5C7zarsxeh1kdcAIdjQezg==
Sec-WebSocket-Version: 13
Upgrade: websocket
User-Agent: Mozilla /5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0
So how can I really grab that id? I thought I could somehow force javascript to send cookie data along with that request but any self-respecting website in 2014 will have httpOnly session cookies so that wont work out. Any help is greatly appreciated!
那么我怎样才能真正抓住那个id呢?我以为我可以以某种方式强制 javascript 将 cookie 数据与该请求一起发送,但 2014 年任何有自尊的网站都会有 httpOnly 会话 cookie,这样就行不通了。任何帮助是极大的赞赏!
Here's a link for the server I'm using: https://github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/class.PHPWebSocket.php(thanks to accepted answer)
这是我正在使用的服务器的链接:https: //github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/class.PHPWebSocket.php(感谢接受的答案)
采纳答案by Brian McGinity
http only cookies as well as secure cookies work fine with websocket.
http only cookie 以及安全 cookie 与 websocket 一起工作正常。
Some websocket modules have chosen to ignore cookies in the request, so you need to read the specs of the module.
一些 websocket 模块选择忽略请求中的 cookie,因此您需要阅读模块的规范。
Try: websocket node: https://github.com/Worlize/WebSocket-Node.
尝试: websocket 节点: https://github.com/Worlize/WebSocket-Node。
Make sure to use the secure websocket protocol as wss://xyz.com
确保使用安全的 websocket 协议 wss://xyz.com
Update:
更新:
Also, chrome will notshow the cookies in the "inspect element" Network tab.
此外,chrome不会在“检查元素”网络选项卡中显示 cookie。
In node try dumping the request, something like:
在节点中尝试转储请求,例如:
wsServer.on('request', function(request) {
console.log(request);
console.log(request.cookies); // works in websocket node
}
If you see the cookies somewhere in the log...you've got it.
如果您在日志中的某处看到 cookie ......您就知道了。
If you're using secure-only cookies, you need to be in secure web sockets: wss://
如果您使用的是仅安全的 cookie,则需要使用安全的网络套接字: wss://
Update2:
更新2:
The cookies are passed in the initial request. Chrome does not show it (all the time) as sometimes it shows provisional headers which omits cookie information.
cookie 在初始请求中传递。Chrome 不会(一直)显示它,因为有时它会显示省略 cookie 信息的临时标题。
It is up to the websocket server to do 'something' with the cookies and attach them to each request.
由 websocket 服务器对 cookie 做“某事”并将它们附加到每个请求。
Looking at the code of your server: https://github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/class.PHPWebSocket.phpI do not see the word "cookie" anywhere, so it is not being nicely packaged and attached to each websocket connection. I could be wrong, that's why you might want to contact the developer and see if the whole header is being attached to each connection and how to access it.
查看您服务器的代码:https: //github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/class.PHPWebSocket.php我在任何地方都没有看到“cookie”这个词,所以它没有被很好地打包和附加到每个 websocket 连接。我可能是错的,这就是为什么您可能想要联系开发人员并查看整个标头是否附加到每个连接以及如何访问它。
This I can say for certain: If you're using secure cookies then cookies will notbe transmitted unless you use the secure websocket wss://mysite.com. Plain ws://mysite.comwill not work.
我可以肯定地说:如果您使用安全 cookie,那么除非您使用安全 websocket,否则cookie 将不会被传输wss://mysite.com。平原ws://mysite.com行不通。
Also, cookies will only be transmitted in the request if the domain is the same as the webpage.
此外,只有在域与网页相同的情况下,cookie 才会在请求中传输。
