会话ID丢失(ajax + PHP)

I'm having an issue with AJAX + PHP session ID where a new ID is getting generated by the script getting grabbed via GET. I've created 2 test scripts that expose the problem:

script 1 (commented out the AJAX, but both XMLHttpRequest and $.get() yield the same result):

<?php
    session_start();
    ob_start();
    echo('test: '.session_id());

?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>
    <div id="test"></div>
    <script type='text/javascript' src='../node_modules/jquery/dist/jquery.js?<?echo($time)?>'></script>
    <script type="text/javascript">
        $(document).ready(function() {
            var xhr = new XMLHttpRequest()
            xhr.onreadystatechange = function () {
                if(xhr.readyState === 4 && xhr.status === 200) {
                    document.getElementById('test').innerHTML=this.responseText;
                    resolve('page loaded');
                }
            }
            xhr.open("GET",'http://10.1.1.101/testLinks/test2.php');
            xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
            xhr.send();
            // $.get('test2.php').done(function(val) {
            //     document.getElementById('test').innerHTML=val;
            // })
        });
    </script>
</body>
</html>

Script 2:

<?php
    session_start();
    ob_start();
    echo('test2: '.session_id());
?>

Output:

test: 4occu9mq6o3c16au254grf0s56
test2: 6bk1fdbs3v2bcl9iko31s5nqp4

Looking at other threads, I've verified the php setting for cookies enabled, as well as the lifetime:

php session info

I've verified that when I include 'test2.php'; a new session ID is not generated. Only when using AJAX.

I'm not sure what else to look at here. Any suggestions appreciated.

EDIT: for clarity, I'm using JQuery 3.4.0, however, after switching to XMLHttpRequest, I don't believe it's a JQuery error, and has more to do with some configuration of PHP, but I'm not sure what.

1个回答


我们最终弄清楚了这个问题。 我们在其上部署的服务器正在通过http(端口80)运行该应用程序。 我们生成了SSL证书,并切换到HTTPS(端口443),并且cookie能够保留PHPSESSID而无需重新生成。 这可能与组织中的某些安全设置有关,但是希望这可以帮助遇到相同问题的人。</ p>
     </ div>

展开原文

原文

We ended up figuring out the issue. The server we had this deployed on was running the application through http (port 80). We generated an SSL certificate and switched over to HTTPS (port 443), and the cookies were able to hold the PHPSESSID without regenerating. This may be related to some security settings in the organization, however, but hopefully this helps someone having the same issue.

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐