douce1368 2015-03-24 02:29
浏览 36
已采纳

为什么Twitter webview会清除我的会话cookie?

I'm creating your standard login in PHP. It relies on the user's session remaining the same to keep the user logged in. The session has been persisting as expected on desktop browsers, Safari on iOS, and webview in Facebook iOS app. However, it is not persisting on webview in Twitter iOS app.

I have this simple page to print out the session: 

<?php
        session_start();
?>
<html>
<body>
<h1>$_SESSION</h1>
<?php
        print_r($_SESSION);
?>
<h1>$_COOKIE</h1>
<?php
        print_R($_COOKIE);
?>
</body>
</html>

Safari on iOS

  1. Open the page in Safari on iOS.
  2. Reload the page 10 times.
  3. The same session ID is printed every time.

enter image description here

Facebook on iOS

  1. Post the link to your Facebook wall.
  2. Tap the link 10 times.
  3. The same session ID is printed every time.

enter image description hereenter image description here

Twitter on iOS

  1. Tweet the link on Twitter.
  2. Tap the link 10 times.
  3. The session ID is missing every time.

enter image description hereenter image description here

The only major difference between Twitter and everyone else is that Twitter converts all links with their shortening service. If you inspect the website source code of your posts, you'll see:

<a href="t.co/someCode">yourOriginalLink.com</a>

This affects your referrer. But how exactly would the referer screw up your session?

I know other websites have gotten sessions to persist on Twitter because I've logged in on those other apps and I remain logged in every time I launch their site. You can look at Meerkat for example. Just search for #meerkat in your Twitter iOS app and click on the link in any of the tweets. You'll be asked to log in. If you click on a second Meerkat link, it will remember that you've already logged in before.

  • 写回答

2条回答 默认 最新

  • douzi8548 2015-03-25 22:53
    关注

    Twitter iOS app destroys its session whenever the webview is dismissed. In standard cookie management, cookies without any explicit expiration are cleared when the session is over. We want to persist the cookie so that the user doesn't have to login over and over.

         $params = session_get_cookie_params();
     setcookie(
         session_name(),
         $_COOKIE[session_name()],
         time() + 60 * 60 * 24 * 365,
         $params["path"],
         $params["domain"],
         $params["secure"],
         $params["httponly"]
     );

    Facebook app doesn't clear the cookies whenever the webview disappears, probably because it has smart cacheing logic to keep the webview in memory instead of deallocating it.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 在若依框架下实现人脸识别
  • ¥15 网络科学导论,网络控制
  • ¥100 安卓tv程序连接SQLSERVER2008问题
  • ¥15 利用Sentinel-2和Landsat8做一个水库的长时序NDVI的对比,为什么Snetinel-2计算的结果最小值特别小,而Lansat8就很平均
  • ¥15 metadata提取的PDF元数据,如何转换为一个Excel
  • ¥15 关于arduino编程toCharArray()函数的使用
  • ¥100 vc++混合CEF采用CLR方式编译报错
  • ¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误,如何解决?
  • ¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
  • ¥15 c#逐行读取txt文本,但是每一行里面数据之间空格数量不同