douce1368 2015-03-24 02:29
浏览 36
已采纳

为什么Twitter webview会清除我的会话cookie?

I'm creating your standard login in PHP. It relies on the user's session remaining the same to keep the user logged in. The session has been persisting as expected on desktop browsers, Safari on iOS, and webview in Facebook iOS app. However, it is not persisting on webview in Twitter iOS app.

I have this simple page to print out the session:

<?php
        session_start();
?>
<html>
<body>
<h1>$_SESSION</h1>
<?php
        print_r($_SESSION);
?>
<h1>$_COOKIE</h1>
<?php
        print_R($_COOKIE);
?>
</body>
</html>

Safari on iOS

  1. Open the page in Safari on iOS.
  2. Reload the page 10 times.
  3. The same session ID is printed every time.

enter image description here


Facebook on iOS

  1. Post the link to your Facebook wall.
  2. Tap the link 10 times.
  3. The same session ID is printed every time.

enter image description hereenter image description here


Twitter on iOS

  1. Tweet the link on Twitter.
  2. Tap the link 10 times.
  3. The session ID is missing every time.

enter image description hereenter image description here


The only major difference between Twitter and everyone else is that Twitter converts all links with their shortening service. If you inspect the website source code of your posts, you'll see:

<a href="t.co/someCode">yourOriginalLink.com</a>

This affects your referrer. But how exactly would the referer screw up your session?

I know other websites have gotten sessions to persist on Twitter because I've logged in on those other apps and I remain logged in every time I launch their site. You can look at Meerkat for example. Just search for #meerkat in your Twitter iOS app and click on the link in any of the tweets. You'll be asked to log in. If you click on a second Meerkat link, it will remember that you've already logged in before.

  • 写回答

2条回答 默认 最新

  • douzi8548 2015-03-25 22:53
    关注

    Twitter iOS app destroys its session whenever the webview is dismissed. In standard cookie management, cookies without any explicit expiration are cleared when the session is over. We want to persist the cookie so that the user doesn't have to login over and over.

         $params = session_get_cookie_params();
         setcookie(
             session_name(),
             $_COOKIE[session_name()],
             time() + 60 * 60 * 24 * 365,
             $params["path"],
             $params["domain"],
             $params["secure"],
             $params["httponly"]
         );
    

    Facebook app doesn't clear the cookies whenever the webview disappears, probably because it has smart cacheing logic to keep the webview in memory instead of deallocating it.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥50 如何用python使用opencv里的cv::cudacodec::VideoWriter函数对视频进行GPU硬编码
  • ¥100 c#solidworks 二次开发 工程图自动标边线法兰 等折弯尺寸怎么标
  • ¥15 halcon DrawRegion 提示错误
  • ¥15 FastAPI Uvicorn启动显示404
  • ¥15 centos7.9脚本,怎么排除特定的访问记录
  • ¥15 关于#Django#的问题:我的静态文件呢?
  • ¥15 关于CPLEX的问题,请专家解答
  • ¥15 cocos的点击事件 怎么穿透到 原生fragment上。
  • ¥20 基于相关估计的TDOA算法中的加权最小二乘拟合法matlab仿真
  • ¥20 基于相关估计的TDOA算法中的自适应加权广义互相关法。