我在>允许php session继续到子域中找到的一种解决方案涉及将session.cookie_domain变量更改为,以便所有子域都可以共享会话变量,但是似乎有些错误.我仍然可以在subdomain1上登录并进行导航,但是一旦我从subdomain2加载页面,subdomain1就会立即丢失其所有会话数据,并带回到登录页面.这也以相反的方式发生(首先从subdomain2登录).在进行更改之前,可以同时登录子域,但它们不会彼此看到".什么可能导致此问题发生?解决方案我怀疑是 suhoshin项目的会话加密功能,此补丁集已包含在内在大多数基于debian的系统中.它可以配置为使用从各种来源生成的密钥对会话文件的内容进行编码,以保护会话内容免受同一台计算机(共享主机)上运行的其他php脚本或会话劫持的影响.来源之一是 docroot (由默认值),通常在每个子域上都不同.检查其是否已安装简单的phpinfo()将报告扩展名及其设置,在名为suhosin的块中查找,然后在其下查看suhosin.session.encrypt和suhosin.session.cryptdocroot是否已打开禁用加密很明显,您可以编辑php.ini以禁用整个加密,或者如果可以访问服务器,则只能禁用docroot部分.如果不这样做,并且服务器正在运行apache,请尝试在php应用程序根目录的.htaccess文件中将其禁用,如下所示:php_flag "suhosin.session.cryptdocroot" 0如果它能正常工作,您应该在phpinfo()输出中看到区别. (本地值列)如果主机不允许.htaccess文件,则可以在php中设置相同的变量,但是在session_start()之前进行设置很重要.希望您可以使用某种前端控制器来放置它.ini_set('suhosin.session.cryptdocroot', 0);phpinfo(); phpinf的输出应该与.htaccess方法中的cryptdocroot行相同,并带有"Off"局部值. I have a website running with two subdomains, both of which require login (based on the same DB access credentials). In order to make it easier for users, I wanted to change it so they can navigate both subdomains without having to log in separately: essentially, they log in at one of the subdomains and can then freely navigate between one and the other.One solution I found at Allow php sessions to carry over to subdomains involves changing the session.cookie_domain variable to so that all subdomains would share the session variables, but something seems to be wrong. I can still login at subdomain1 and navigate it, but as soon as I load a page from subdomain2, subdomain1 instantly loses all its session data and I'm taken back to the login page. This also happens the other way around (logging in from subdomain2 at first). Prior to the change, subdomains could be simultaneously logged in but they wouldn't 'see' each other.What could be causing this problem to occur? 解决方案 My suspect is the suhoshin project's session encryption feature, this patchset is included in most debian based systems. It can be configured to encode the session file's content with a key generated from various sources, to protect the session contents from other php scripts running on the same machine (shared hosting) or session hijacking. One of the sources is the docroot (enabled by default) which is usually different on every subdomain.Check if its installedA simple phpinfo() will report the extension and it's settings, look for a block named suhosin and below that see if suhosin.session.encrypt and suhosin.session.cryptdocroot is onDisabling the encryptionObviously you can edit your php.ini to disable the whole encryption or only the docroot part if you have access to the server.If you don't, and the server is running apache, try disabling it in the .htaccess file of your php app's root like this:php_flag "suhosin.session.cryptdocroot" 0If its working you should see the difference in the phpinfo() output. (Local value column)If your host doesn't allow a .htaccess file, you can set the same variable in php, but its important to do it before session_start(). Hopefully you have some kind of a front controller to place this in.ini_set('suhosin.session.cryptdocroot', 0);phpinfo();The output of the phpinf should be same as in the .htaccess method, cryptdocroot line with an "Off" local value. 这篇关于PHP会话正在子域之间重置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云! 07-31 21:44