dongyi1982 2017-11-21 17:01 Acceptance rate: 0%

PHP session interfering with subdomain session

I have a few websites on the same server with the following domains with the PHP session domain set to '.example.com' so the cookie is shared between the two websites:

  • example.com
  • shop.example.com

I also have a separate server with the following domain admin.example.com and want it to use its own session/cookie. But when there is a .example.com cookie, the admin.example.com website tries using that value instead of its .admin.example.com cookie value, causing session issues...

If I were to delete the .example.com cookie, the website works as intended by using the correct .admin.earlowen.com value.

I have set session.cookie_domain to .admin.example.com to no avail. Am I missing anything? Or is it just not possible?

1 answer

  • dousuohe5882 2017-11-21 18:24

    Since they share the same domain, they are the same site and share a session.

    You can manually override this by using session_name in your admin section.

    Something like this:

    <?php
    //this forces the admin page to recognize a different cookie as its session id
    session_name('PHPADMINSESSID');
    
    //start the session normally
    session_start();
    

    There are a few other tricky ways to do this, but you should generally avoid tricky, because you can easily forget what you did and not be able to figure it out later. I will explain some of those also for reference though:

    • Dual subdomains alter the expected hostname if they can be used, and will cause two different inherent sessions. For example subdomain.example.com and example.com will share a session, but subdomain.username.example.com and example.com will not, and will use separate sessions. You should avoid this, because if you decide to implement some backend logic to manage the session and expect them to be shared, this will become very difficult to work around.

    • You can also force different sessions using session_id, but this requires that you manually track the IDs and will get quite convoluted, and will also require you to set up some sort of data store to keep track of which sessions go to what, which adds a lot of unnecessary overhead.

    Easiest way is to just use different session_name values for each session.

    This answer was selected as the best answer by the asker.
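
A hardened version of the admin-side bootstrap, as an added example that is not part of the original answer: it keeps the answer's `session_name('PHPADMINSESSID')`, makes the cookie host-only, and checks the raw `Cookie` header for the same name arriving twice, which is what the browser sends when a `.example.com` cookie and the host's own cookie share a name. The helper names `cookie_name_count` and `start_admin_session` are hypothetical, and the array form of `session_set_cookie_params` assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Added example (not from the answer). Cookie name is the one the answer uses.
const ADMIN_SESSION_NAME = 'PHPADMINSESSID';

// Count cookies called $name in a raw Cookie header. More than one means a
// cookie from another scope (e.g. Domain=.example.com) shares this name.
function cookie_name_count(string $rawHeader, string $name): int
{
    $count = 0;
    foreach (explode(';', $rawHeader) as $pair) {
        if (trim(explode('=', $pair, 2)[0]) === $name) {
            $count++;
        }
    }
    return $count;
}

// Returns false, without starting a session, when the request is ambiguous.
function start_admin_session(): bool
{
    if (cookie_name_count($_SERVER['HTTP_COOKIE'] ?? '', ADMIN_SESSION_NAME) > 1) {
        error_log('Duplicate ' . ADMIN_SESSION_NAME . ' cookies in request');
        return false;
    }
    ini_set('session.use_strict_mode', '1'); // refuse IDs this server never issued
    session_name(ADMIN_SESSION_NAME);
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, gone when the browser closes
        'path'     => '/',
        'domain'   => '',       // empty: host-only, never sent to sibling hosts
        'secure'   => true,     // assumes the admin site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    return session_start();
}

if (!start_admin_session()) {
    http_response_code(400);
    exit('Conflicting session cookies; clear cookies for this site and retry.');
}
```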
