dongshi949737 2016-03-08 12:56
Accepted

Set a PHP session obtained via AJAX so that it is recognized in an iframe fetcher

I am using phonegap and I want to provide a version of my app as follows:

  • I'm running an https service. I log in using an ajax function and retrieve the phpsession to the frontend (in phonegap).

  • I confirm that the login works because I receive the php session string. I then redirect the user to another phonegap page where I display my website via

<iframe style="width:100%; height:100%" src="my_website" />

However, the php session fetched via ajax is not started in the iframe and I need it to be. How can I do this so that the iframe starts with the same php session?

Thank you very much for your help.

1 answer

  • douyou3619 2016-03-08 13:33

    First, understand the dangers of exposing session values in this way (https mitigates hijacking but not when the attack vector is XSS).

    Then, either...

    Drop the session id into a cookie when the AJAX request lands,

    or append it to the URL used to retrieve the iframe content and enable transid in the config or add some PHP code to parse it yourself, e.g.

    <?php

    // Adopt the session id passed in the query string, if one is present
    if (isset($_GET[session_name()]) && 10 < strlen($_GET[session_name()])) {
        session_id($_GET[session_name()]);
    }
    session_start();
    ...
    
    This answer was selected by the asker as the best answer.
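
A hardened form of the URL hand-off described in the answer, as an added example that is not part of the original answer: it accepts the id once, checks that it belongs to an authenticated session, rotates it, and moves it into a Secure/HttpOnly cookie. It assumes PHP 7.3 or later and that the login endpoint stored a hypothetical `$_SESSION['user_id']`; `adopt_handoff_id` is a hypothetical helper name.

```php
<?php
// Added example, not the answerer's code. Assumes the login endpoint stored
// $_SESSION['user_id'] (hypothetical key) in the session whose id is handed over.

// Ask PHP to refuse session ids it did not issue (anti-fixation).
ini_set('session.use_strict_mode', '1');
session_set_cookie_params([
    'path'     => '/',
    'secure'   => true,      // HTTPS only
    'httponly' => true,      // not readable from script, limits theft via XSS
    'samesite' => 'None',    // assumption: the iframe is a cross-site context
]);

// Hypothetical helper: take the id from the query string only if well-formed.
function adopt_handoff_id(array $query, string $name): bool
{
    $id = $query[$name] ?? null;
    // Accept only a plain string in the character set PHP itself generates.
    if (!is_string($id) || !preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $id)) {
        return false;
    }
    session_id($id);
    return true;
}

$handedOver = adopt_handoff_id($_GET, session_name());
session_start();

if ($handedOver) {
    if (empty($_SESSION['user_id'])) {
        // Unknown or unauthenticated id: discard it rather than trust it.
        session_unset();
        session_destroy();
        http_response_code(403);
        exit;
    }
    // Rotate the id so the value that travelled in the URL stops working,
    // then reload without the query string (all parameters are dropped here)
    // so the id does not stay in history or Referer headers.
    session_regenerate_id(true);
    header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'), true, 303);
    exit;
}
```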