iPhone“书签到home creen”删除cookies和会话?

时间:2022-08-24 09:33:05

Right now I am developing a Web-based Application, where the User has to login first.

现在我正在开发一个基于web的应用程序,用户必须首先登录。

When I open the Page by iPhone Safari, login and restart Safari, I am still logged in (Cookie & Session ID still set).

当我通过iPhone Safari、登录和重新启动Safari打开页面时,我仍然登录(Cookie和会话ID仍然设置)。

But when I add this Page with "Add to Home Screen", each Time i click the Icon for that page, I have to login again.

但是当我添加这个页面的“添加到主界面”时,每次我点击这个页面的图标,我都必须再次登录。

I did not find any information about that. What can I do so my users can set this page to their home screen as icon and still don't have to login each time they open it?

我没有找到任何有关那件事的资料。我能做些什么,让我的用户可以把这个页面设置成他们的主页面图标,并且不用每次打开它时都登录它?

4 个解决方案

#1


13  

A really simple approach could be to use a unique token in your Bookmark-URL which can serve you as a unique device identifier.

一个非常简单的方法是在书签url中使用唯一的令牌,它可以作为唯一的设备标识符服务于您。

Example: http://myWebApp.com/?token=randomId29238/1

例如:http://myWebApp.com/?token=randomId29238/1

The token can be generated at the server side at opening time of the application in Mobile Safari and before the user is prompted with the "Add to Home Screen" information. The token can then be added to the URL using a quick redirect (…&token=randomToken) or a location hash (…#randomToken).

令牌可以在应用程序在Mobile Safari上的开放时间在服务器端生成,在用户被提示“添加到主屏幕”信息之前。然后,可以使用快速重定向(…&token=randomToken)或位置散列(…#randomToken)将令牌添加到URL。

Whenever the Bookmark is now opened from the Home Screen, the token is sent to your server and you can identify the user's active session. You may also use the token as a permanent session id, but I advise against that because of security concerns.

每当从主屏幕打开书签时,标记就被发送到您的服务器,您可以识别用户的活动会话。您也可以将该令牌用作永久会话id,但出于安全考虑,我建议不要这样做。

To allow future logout and login procedures, you can always assign the new sessions to the token.

为了允许将来的登出和登录过程,您总是可以为令牌分配新的会话。

The token will serve you as a unique device identifier whenever the user will re-open your link from his Home Screen.

当用户从主屏幕重新打开您的链接时,令牌将作为唯一的设备标识符服务。

#2


9  

There is an easier and, imo, more elegant solution than favo's.

在我看来,有一种比favo更简单、更优雅的解决方案。

At least under iOS 4.2.1, 5.1.1, 6.0 and 6.1 (I couldn't test other versions), if you extend the lifetime of your session cookie manually, Safari will hold on to the session cookie and even allow sharing of the session between the 'home screen installed' version of your web app and normal visits through Safari itself.

至少在iOS 4.2.1,准备5.1.1,6.0和6.1(我无法测试其他版本),如果你扩展的生命周期手动会话cookie,Safari将保持会话cookie,甚至允许共享会话之间的主屏幕安装的版本的web应用程序并通过Safari本身正常访问。

The trick is to do this:

诀窍在于:

// Start or resume session
session_start(); 

// Extend cookie life time by an amount of your liking
$cookieLifetime = 365 * 24 * 60 * 60; // A year in seconds
setcookie(session_name(),session_id(),time()+$cookieLifetime);

For a more elaborate discussion of this strategy you can take a look at my answer of this question:

想要更详细地讨论这个策略,你可以看看我对这个问题的回答:

Maintain PHP Session in web app on iPhone

在iPhone的web应用程序中维护PHP会话

#3


3  

There are persistent key-value storage and database storage available for web apps. You can save your authentication data using localStorage object and use XMLHttpRequest to send it to the server. Another option is saving your persistent data in a SQLite database, however this doesn’t seem to be a proper solution in your case. Check out Apple’s Client-Side Storage and Offline Applications Programming Guide for details/examples.

web应用程序有持久的键值存储和数据库存储。可以使用localStorage对象保存身份验证数据,并使用XMLHttpRequest将其发送到服务器。另一种方法是将持久数据保存在SQLite数据库中,但是这似乎不是合适的解决方案。查看苹果的客户端存储和离线应用程序编程指南,了解细节/示例。

#4


2  

I am going to expand a little further on Waldo Baggins' answer.

我将进一步扩展Waldo Baggins的回答。

When I ran into this, I discovered the reason this was happening is that session cookies set on the server usually do not have an expiration value set. The default behavior in this case is for the browser to discard the cookie when the browser is closed / re-opened. Since the browser does not resend the cookie on re-opening, the server has no way of identifying the session, even if it hasn't expired on the server yet, and thus, your user is redirected back to the login page.

当我遇到这种情况时,我发现发生这种情况的原因是服务器上设置的会话cookie通常没有过期值设置。由于浏览器在重新打开时不会重新发送cookie,因此服务器无法识别会话,即使它还没有在服务器上过期,因此,您的用户将被重定向回登录页面。

When the user is using your site in web app mode (icon added to home screen), iOS treats navigating to / from the app the same way a desktop computer would treat closing and reopening the browser, and loses the session when reopened.

当用户在web应用程序模式下使用你的网站时(图标添加到主屏幕),iOS就会像桌面电脑一样处理关闭和重新打开浏览器的操作,并在重新打开时丢失会话。

So following Wilbo's suggestion and setting an expiration time for the cookie, iOS checks if the cookie has expired when the user navigates back to your app, and if it hasn't, re-sends the cookie, thus maintaining the session. The value of 1 year in Wilbo's answer is ridiculously long, you would typically want to set this to something like 8 or 24 hours, and ideally sync it with the session expiry timeout value you have set on the server.

因此,根据Wilbo的建议并为cookie设置一个过期时间,iOS会检查当用户导航回应用程序时,cookie是否已经过期,如果没有,则重新发送cookie,从而维护会话。在Wilbo的答案中,1年的值长得离谱,您通常希望将其设置为8或24小时,并且理想地将其与服务器上设置的会话过期值同步。

Note that as a side effect, when your site is accessed from a desktop browser, and the user closes and re-opens the browser, the session would continue to persist and the user will still be logged in, which wouldn't have been the case previously (unless they were browsing privately). Your "Logout" feature would have to properly handle expiring this cookie.

注意,作为一个副作用,当从桌面浏览器访问您的站点时,当用户关闭并重新打开浏览器时,会话将继续保持,用户仍将被登录,这在以前是不可能的(除非他们正在私下浏览)。您的“注销”特性将必须正确处理到期的cookie。

For a Java webapp using web.xml version 3.0 or higher, the easiest way to do this is to modify <session-config> as follows:

用于使用web的Java web应用程序。最简单的方法是修改 ,如下所示:

<session-config>
    <session-timeout>600</session-timeout> <!-- In minutes -->
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
        <max-age>36000</max-age> <!-- In seconds -->
    </cookie-config>
</session-config>

#1


13  

A really simple approach could be to use a unique token in your Bookmark-URL which can serve you as a unique device identifier.

一个非常简单的方法是在书签url中使用唯一的令牌,它可以作为唯一的设备标识符服务于您。

Example: http://myWebApp.com/?token=randomId29238/1

例如:http://myWebApp.com/?token=randomId29238/1

The token can be generated at the server side at opening time of the application in Mobile Safari and before the user is prompted with the "Add to Home Screen" information. The token can then be added to the URL using a quick redirect (…&token=randomToken) or a location hash (…#randomToken).

令牌可以在应用程序在Mobile Safari上的开放时间在服务器端生成,在用户被提示“添加到主屏幕”信息之前。然后,可以使用快速重定向(…&token=randomToken)或位置散列(…#randomToken)将令牌添加到URL。

Whenever the Bookmark is now opened from the Home Screen, the token is sent to your server and you can identify the user's active session. You may also use the token as a permanent session id, but I advise against that because of security concerns.

每当从主屏幕打开书签时,标记就被发送到您的服务器,您可以识别用户的活动会话。您也可以将该令牌用作永久会话id,但出于安全考虑,我建议不要这样做。

To allow future logout and login procedures, you can always assign the new sessions to the token.

为了允许将来的登出和登录过程,您总是可以为令牌分配新的会话。

The token will serve you as a unique device identifier whenever the user will re-open your link from his Home Screen.

当用户从主屏幕重新打开您的链接时,令牌将作为唯一的设备标识符服务。

#2


9  

There is an easier and, imo, more elegant solution than favo's.

在我看来,有一种比favo更简单、更优雅的解决方案。

At least under iOS 4.2.1, 5.1.1, 6.0 and 6.1 (I couldn't test other versions), if you extend the lifetime of your session cookie manually, Safari will hold on to the session cookie and even allow sharing of the session between the 'home screen installed' version of your web app and normal visits through Safari itself.

至少在iOS 4.2.1,准备5.1.1,6.0和6.1(我无法测试其他版本),如果你扩展的生命周期手动会话cookie,Safari将保持会话cookie,甚至允许共享会话之间的主屏幕安装的版本的web应用程序并通过Safari本身正常访问。

The trick is to do this:

诀窍在于:

// Start or resume session
session_start(); 

// Extend cookie life time by an amount of your liking
$cookieLifetime = 365 * 24 * 60 * 60; // A year in seconds
setcookie(session_name(),session_id(),time()+$cookieLifetime);

For a more elaborate discussion of this strategy you can take a look at my answer of this question:

想要更详细地讨论这个策略,你可以看看我对这个问题的回答:

Maintain PHP Session in web app on iPhone

在iPhone的web应用程序中维护PHP会话

#3


3  

There are persistent key-value storage and database storage available for web apps. You can save your authentication data using localStorage object and use XMLHttpRequest to send it to the server. Another option is saving your persistent data in a SQLite database, however this doesn’t seem to be a proper solution in your case. Check out Apple’s Client-Side Storage and Offline Applications Programming Guide for details/examples.

web应用程序有持久的键值存储和数据库存储。可以使用localStorage对象保存身份验证数据,并使用XMLHttpRequest将其发送到服务器。另一种方法是将持久数据保存在SQLite数据库中,但是这似乎不是合适的解决方案。查看苹果的客户端存储和离线应用程序编程指南,了解细节/示例。

#4


2  

I am going to expand a little further on Waldo Baggins' answer.

我将进一步扩展Waldo Baggins的回答。

When I ran into this, I discovered the reason this was happening is that session cookies set on the server usually do not have an expiration value set. The default behavior in this case is for the browser to discard the cookie when the browser is closed / re-opened. Since the browser does not resend the cookie on re-opening, the server has no way of identifying the session, even if it hasn't expired on the server yet, and thus, your user is redirected back to the login page.

当我遇到这种情况时,我发现发生这种情况的原因是服务器上设置的会话cookie通常没有过期值设置。由于浏览器在重新打开时不会重新发送cookie,因此服务器无法识别会话,即使它还没有在服务器上过期,因此,您的用户将被重定向回登录页面。

When the user is using your site in web app mode (icon added to home screen), iOS treats navigating to / from the app the same way a desktop computer would treat closing and reopening the browser, and loses the session when reopened.

当用户在web应用程序模式下使用你的网站时(图标添加到主屏幕),iOS就会像桌面电脑一样处理关闭和重新打开浏览器的操作,并在重新打开时丢失会话。

So following Wilbo's suggestion and setting an expiration time for the cookie, iOS checks if the cookie has expired when the user navigates back to your app, and if it hasn't, re-sends the cookie, thus maintaining the session. The value of 1 year in Wilbo's answer is ridiculously long, you would typically want to set this to something like 8 or 24 hours, and ideally sync it with the session expiry timeout value you have set on the server.

因此,根据Wilbo的建议并为cookie设置一个过期时间,iOS会检查当用户导航回应用程序时,cookie是否已经过期,如果没有,则重新发送cookie,从而维护会话。在Wilbo的答案中,1年的值长得离谱,您通常希望将其设置为8或24小时,并且理想地将其与服务器上设置的会话过期值同步。

Note that as a side effect, when your site is accessed from a desktop browser, and the user closes and re-opens the browser, the session would continue to persist and the user will still be logged in, which wouldn't have been the case previously (unless they were browsing privately). Your "Logout" feature would have to properly handle expiring this cookie.

注意,作为一个副作用,当从桌面浏览器访问您的站点时,当用户关闭并重新打开浏览器时,会话将继续保持,用户仍将被登录,这在以前是不可能的(除非他们正在私下浏览)。您的“注销”特性将必须正确处理到期的cookie。

For a Java webapp using web.xml version 3.0 or higher, the easiest way to do this is to modify <session-config> as follows:

用于使用web的Java web应用程序。最简单的方法是修改 ,如下所示:

<session-config>
    <session-timeout>600</session-timeout> <!-- In minutes -->
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
        <max-age>36000</max-age> <!-- In seconds -->
    </cookie-config>
</session-config>