问题描述
问题更新:
- 在某些浏览器中,我们有两个PHPSESSID.
- 我在脚本的任何地方都没有设置一个PHPSESSID
- 它具有HOST(而不是我设置的PHPSESSID的DOMAIN)作为www.mywebsite.com
- 我尝试使用setcookie:
setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/', 'www.mywebsite.com');
删除它,但是失败. - 尝试使用以下命令删除cookie:
setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/');
导致我设置的PHPSESSID被删除. - 我尝试使用
session_name
重命名我设置的SESSION.可以,但是几分钟后几次使我的服务器崩溃. - 我没办法了.
- On some browsers, we have two PHPSESSIDs.
- One PHPSESSID is not set by me anywhere in my script
- It has HOST (instead of DOMAIN for the PHPSESSID I set) as www.mywebsite.com
- I have tried deleting it using setcookie:
setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/', 'www.mywebsite.com');
but this fails. - An attempt to delete cookie using:
setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/');
results in the PHPSESSID I set being deleted. - I have tried using
session_name
to rename the SESSION I set. This works but crashed my server severally after some minutes. - I am out of options.
我正在我的网站上进行PHP会话.
I am working with PHP sessions on my website.
会话路径为/folder,后来我更改为/以适应新的目的.
The session path was /folder, later on I changed to / to fit the new purpose.
现在,旧用户无法登录.
Now, old users cant login.
似乎他们现在在他们的浏览器中存储了两个PHPSESSID-一个带有路径/folder,另一个带有/.
It seems they now have two PHPSESSIDs stored on their browsers - one with path /folder and the other /.
我该怎么做以确保旧用户可以登录,同时确保会话在站点范围内显示为"/".
What can I do to ensure that old users can login while ensuring that the session is sitewide with "/".
更多信息
当我说两个phpsessionid时,请参考图片
When I said two phpsessionid, refer to the image
- 如果我使用 ,则登录有效
A. session_set_cookie_params(864000, '/cv', '.website.com', 0, 1);
但是如果我使用,将无法正常工作
but fails to work if I use:
B. session_set_cookie_params(864000, '/', '.website.com', 0, 1);
- 如果我使用上述版本2A,则该会话仅在/cv中可用,而在其他网站文件夹中则不可用./文件夹.
使用JAVASCRIPT删除PHPSESSID的更新
- 当我运行alert(document.cookie)时,它将显示除PHPSESSID之外的所有cookie
- 因此,所有删除PHPSESSID cookie的尝试都会失败,而其他cookie可以删除.
使用PHP删除PHPSESSID的更新
- 当我
var_dump($_COOKIE['PHPSESSID']);
时,返回的是路径为/cv的PHPSESSID的值 - 尝试用
setcookie ("PHPSESSID", "", time() - 3600);
删除失败.
- When I
var_dump($_COOKIE['PHPSESSID']);
what is returned is the value of the PHPSESSID with path /cv - An attempt to delete with
setcookie ("PHPSESSID", "", time() - 3600);
fails.
推荐答案
我认为您正在混淆,否则您应该详细了解设置/问题.
I think you are mixing up things or you should go into more detail about your setup/problem.
PHP的会话路径是会话数据在服务器(而不是客户端)上存储的位置.请参阅文档: https://secure.php .net/manual/en/session.configuration.php#ini.session.save-path
PHP's session path is the location where session data is stored on your server, not the client. See the documentation: https://secure.php.net/manual/en/session.configuration.php#ini.session.save-path
您可以移动这些文件,并在发生碰撞的情况下更换/保留适合您的外观.这几乎仅受访问/移动内容时的读取/写入权限的限制,并且您的Web服务器用户(例如apache或nginx)或php用户具有从新位置读取/写入新位置的权限.
You can move these files and replace/keep in case of collisions how you see fit. This is pretty much only restricted by read/write-permissions you have when accessing/moving stuff and your webserver-user (e.g. apache or nginx) or php-user has for reading/writing them from/to the new location.
如果通过浏览器中的PHPSESSID"表示会话ID是您的url的一部分,那就是不同的PHP设置,无论如何都应禁用它,请参见文档中的注意事项: https://secure.php.net/manual/en/session.configuration .php#ini.session.use-trans-sid
If by "PHPSESSID in their browser" you mean the session id is part of your urls, that is a different PHP-setting, that should be disabled anyway, see notice in the documentation: https://secure.php.net/manual/en/session.configuration.php#ini.session.use-trans-sid
根据您更新的问题进行
已经有一个不错的基于JS的解决方案,用于使旧的cookie过期.我会同意的.如果您不能这样做,则可以重定向到/cv
,该脚本中有一个php脚本,该脚本读取cookie,并将数据存储在某个位置(例如,基于user_id的数据库),并使cookie过期.然后,您可以重定向到旧页面,查找"/"-cookie并还原数据.这是一个非常丑陋的hack,但是我认为您无法在PHP中获取每个路径的cookie,因为它是服务器端的,并且基于客户端提供的会话ID(但是我可能错了).
There already is a nice JS-based solution for expiring the old cookie. I would go with that. if you can't just do that, you could do a redirect to /cv
have a php-script there that reads the cookie and stores the data somewhere (a database for example based on the user_id) and expire the cookie. Then you can redirect to the old page, look for the "/"-cookie and restore the data. It's a very ugly hack, but I don't think you can get the cookie for each path in PHP, since it's server side and based on the session id provided by the client (but I might be wrong).
这篇关于如何在客户端计算机上删除PHPSESSID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!