Problem description
I have a login screen that I force to be ssl, so like this: https://www.foobar.com/login then after they log in, they get moved to the homepage: https://www.foobar.com/dashbaord
However, I want to move people off of SSL once logged in (to save CPU), so just after checking that they are in fact logged in on https://www.foobar.com/dashbaord I move them to http://www.foobar.com/dashbaord
Well this always seems to wipe out the session variables, because when the page runs again, it confirms they are logged in (as all pages do) and session appears not to exist, so it moves them to the login screen.
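Oddities/Findings:
- The second login always works, and happily lets me access http://www.foobar.com/dashbaord
- The first login does successfully create a cookie
- If I log in twice, then log out, then log in again, I don't need to log in twice (I seem to have traced this to the fact that the cookie exists). If I delete the cookie, I'm back to logging in twice.
- After the second login, I can move from ssl to non-ssl and the session persists.
- On the first login, moving to the non-ssl site wipes out the session entirely, and manually going back to the ssl site still forces me to log in again.
- The second login uses exactly the same mechanism as the first, over ssl
What I tried:
- Using Cake's security.level and session.checkagent settings - nothing
- Having cake store the sessions in the db (instead of the file system) - nothing
- Tested in FF, IE, Chrome on an XP machine.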
So I feel like this is something related to the cookie being created but not being read.
Environment:
1. Debian
2. Apache 2
3. MySQL 4
4. PHP 5
5. CakePHP
6. Sessions are being saved PHP default, as files
Recommended answer
I figured this out. Cake was switching the session.cookie_secure ini value on-the-fly while under SSL connections automatically, so the cookie being created was a secure cookie, which the second page wouldn't recognize.
Solution, comment out /cake/lib/session.php line 420 ish:
ini_set('session.cookie_secure', 1);
(Just search for that to find it, as I'm sure the line # will change as releases come out.)
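The cookie behaviour described in the answer can be reproduced offline with Python's standard cookie jar; this is an added example, not code from the original post or from CakePHP. The cookie name `CAKEPHP`, its value and the helper names are constructed for illustration. It also shows that a session cookie without the Secure attribute is attached to the plain-HTTP request, so the session ID travels unencrypted.

```python
import http.cookiejar
import urllib.request
from http.cookies import SimpleCookie

# Constructed sample Set-Cookie headers (not captured from a real server).
SECURE_COOKIE = "CAKEPHP=abc123; path=/; secure"  # session.cookie_secure = 1
PLAIN_COOKIE = "CAKEPHP=abc123; path=/"           # session.cookie_secure = 0


def make_cookie(set_cookie_header, domain):
    """Turn one Set-Cookie header into a cookiejar.Cookie bound to `domain`."""
    morsel = next(iter(SimpleCookie(set_cookie_header).values()))
    return http.cookiejar.Cookie(
        version=0, name=morsel.key, value=morsel.value,
        port=None, port_specified=False,
        domain=domain, domain_specified=False, domain_initial_dot=False,
        path=morsel["path"] or "/", path_specified=bool(morsel["path"]),
        secure=bool(morsel["secure"]),  # flag attribute parses to True or ""
        expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )


def cookie_sent(set_cookie_header, url):
    """Return True if the client attaches the cookie to a request for `url`."""
    request = urllib.request.Request(url)
    jar = http.cookiejar.CookieJar()
    jar.set_cookie(make_cookie(set_cookie_header, request.host))
    jar.add_cookie_header(request)  # applies the Secure/scheme rule
    return request.has_header("Cookie")


if __name__ == "__main__":
    cases = [
        ("secure cookie", SECURE_COOKIE, "https://www.foobar.com/dashbaord"),
        ("secure cookie", SECURE_COOKIE, "http://www.foobar.com/dashbaord"),
        ("plain cookie", PLAIN_COOKIE, "http://www.foobar.com/dashbaord"),
    ]
    for label, header, url in cases:
        state = "sent" if cookie_sent(header, url) else "withheld"
        print(f"{label:13} -> {url:36} {state}")
```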