dongshi949737 2016-03-08 12:56
浏览 27
已采纳

在iframe fetcher中设置来自ajax的php会话进行识别

I am using phonegap and I want to provide a version of my app as follows:

  • I'm running a https service. I login using an ajax function and retrieve the phpsession to the frontend (in phonegap).

  • I confirm that the login works because I receive the php session string. I then redirect the user to another phonegap page where I display my website via

<iframe style="width:100%; height:100%" src="my_website" />

However, the php session fetched via ajax is not started in the iframe and I need it to be. How can I do this so that the iframe starts with the same php session?

Thank you very much for your help.

  • 写回答

1条回答 默认 最新

  • douyou3619 2016-03-08 13:33
    关注

    First, understand the dangers of exposing session values in this way (https mitigates hijacking but not when the attack vector is XSS).

    Then, either...

    Drop the session id into a cookie when the AJAX request lands,

    or append it to the URL used to retrieve the iframe content and enable transid in the config or add some PHP code to parse it yourself, e.g.

    <?php

if (isset($_GET[session_name()]) && 10<strlen($_GET[session_name()))) {
    session_id($_GET[session_name()]);
}
session_start();
...
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 ML307A在使用AT命令连接EMQX平台的MQTT时被拒绝
  • ¥20 腾讯企业邮箱邮件可以恢复么
  • ¥15 有人知道怎么将自己的迁移策略布到edgecloudsim上使用吗?
  • ¥15 错误 LNK2001 无法解析的外部符号
  • ¥50 安装pyaudiokits失败
  • ¥15 计组这些题应该咋做呀
  • ¥60 更换迈创SOL6M4AE卡的时候,驱动要重新装才能使用,怎么解决?
  • ¥15 让node服务器有自动加载文件的功能
  • ¥15 jmeter脚本回放有的是对的有的是错的
  • ¥15 r语言蛋白组学相关问题