从ssl移动到非ssl时

从ssl移动到非ssl时

关注
发信
关注(28)粉丝(399)

从ssl移动到非ssl时,会话不保存

本文介绍了从ssl移动到非ssl时,会话不保存的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个登录屏幕,我强制为ssl,所以像这样:

,然后他们登录后,他们被移动到主页:

I have a login screen that I force to be ssl, so like this:https://www.foobar.com/loginthen after they login, they get moved to the homepage:https://www.foobar.com/dashbaord

但是,我想在登录后移动用户离开SSL(以节省CPU),所以只是在检查他们实际上已登录我将它们移动到

However, I want to move people off of SSL once logged in (to save CPU), so just after checking that they are in fact logged in on https://www.foobar.com/dashbaord I move them tohttp://www.foobar.com/dashbaord

这总是似乎擦去输出会话变量,因为当页面再次运行时,它会确认他们已登录(如所有页面都做),并且会话似乎不存在,因此将其移动到登录屏幕。

Well this always seems to wipe out the session variables, because when the page runs again, it confirms they are logged in (as all pages do) and session appears not to exist, so it moves them to the login screen.

奇怪/发现:


  1. 列表项

  2. 第二次登录始终有效,并高兴地邀请我

  3. 它成功创建了一个cookie第一次登录

  4. 如果我登录两次,然后注销,并再次登录,我不需要两个登录(我似乎已经跟踪到这一事实,存在)。

  5. 第二次登录后,我可以从ssl的非ssl移动,会话仍然存在。

  6. 在第一次登录时,移动到非ssl网站完全擦除会话,手动移回ssl网站仍强制我再次登录。

  7. 第二次登录使用完全相同的机制,通过ssl

  1. List item
  2. The second login always works, and happily gets me to http://www.foobar.com/dashbaord
  3. It successfully creates a cookie the first login
  4. If I login twice, then logout, and login again, I don't need two logins (I seem to have traced this to the fact that the cookie exists). If I delete the cookie, I'm back to two logins.
  5. After the second login, I can move from non-ssl from ssl and the session persists.
  6. On the first login, the move to the non-ssl site wipes out the session entirely, manually moving back to the ssl site still forces me to login again.
  7. The second login using the exact same mechanism as the first, over ssl

我尝试:


  1. 使用Cake的safe.level和session.checkagent设置 - 没有

  2. 在db中存储会话) - 没有

  3. 在FF机器上测试FF,IE和Chrome。

我觉得这是与创建的cookie有关的,但没有被阅读。

So I feel like this is something related to the cookie being created but not being read.

环境:
1. Debian
2. Apache 2
3. Mysql 4
4. PHP 5
5. CakePHP
6.会话正在保存PHP默认值,如文件

Environment:1. Debian2. Apache 23. Mysql 44. PHP 55. CakePHP6. Sessions are being saved PHP default, as files

推荐答案

我想出了这一点。 Cake自动在SSL连接下自动切换session.cookie_secure ini值,所以正在创建的cookie是一个安全的cookie,第二页不能识别。

I figured this out. Cake was switching the session.cookie_secure ini value on-the-fly while under SSL connections automatically, So the cookie being created was a secure cookie, which the second page wouldn't recognize.

解决方案,注释/cake/lib/session.php第420行ish:

Solution, comment out /cake/lib/session.php line 420 ish:

(只需搜索即可找到它,因为我确信线#将随着版本的发布而改变。 )

(Just search for that to find it, as I'm sure the line # will change as releases come out.)

这篇关于从ssl移动到非ssl时,会话不保存的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-26 03:07
Powered by LMLPHP ©2024 从ssl移动到非ssl时 0.037178