Codeigniter 3.0.3会话不是持久的

时间:2022-10-06 22:33:32

I am having very weird problem, The sessions in Codeigniter 3.0.3 are not saved for next request. Each time when a request is done, it creates a new session record and doesn't use it next time.

我有一个非常奇怪的问题,Codeigniter 3.0.3中的会话不会保存为下一个请求。每次请求完成时,它都会创建一个新的会话记录,并且下次不会使用它。

The weird part of it is, it does work on HTTPS version of website, but not HTTP.

它的奇怪部分是,它确实适用于HTTPS版本的网站,但不适用于HTTP。

The scenario: On the login page of my website, I do an AJAX call (on this call I set some session variables and flashdatas). Once I get success message, I reload page to the profile page.

场景:在我网站的登录页面上,我做了一个AJAX调用(在这个调用中我设置了一些会话变量和flashdatas)。获得成功消息后,我将页面重新加载到配置文件页面。

This whole process don't work when I use HTTP, but HTTPS.

当我使用HTTP而不是HTTPS时,整个过程不起作用。

Any help would be appreciated.

任何帮助,将不胜感激。

EDIT v1: Addition, even CSRF doesn't work over HTTP. I disable it to test the system.

编辑v1:添加,甚至CSRF也不能通过HTTP工作。我禁用它来测试系统。

EDIT v2: Code requested by @DFriend

编辑v2:@DFriend请求的代码

config.php

config.php文件

$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'jupiter';
$config['sess_expiration'] = 0;
$config['sess_save_path'] = "hkr_sessions"; 
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;

$config['cookie_prefix']    = '';
$config['cookie_domain']    = '.jupiter.rjv.me';
$config['cookie_path']      = '/';
$config['cookie_secure']    = TRUE; // PS: tried FALSE version as well, but no change. 
$config['cookie_httponly'] = FALSE;

User.php controller

User.php控制器

public function login_required() {
  if (!$this->logged_in()) {
    $this->session->set_flashdata("login_error", "You have to be logged in to see this page.");
    $this->session->set_userdata('redirect_back', $this->agent->referrer());
    redirectt('/login');
  }
}

routes.php

routes.php文件

$route['login/required'] = 'user/login_required';

A simple method like this, when I browse to http://domain.ltd/login/required it redirects to http://domain.ltd/login with printing message like "You have to be logged in to see this page.". Once the user logins, it redirects user back to the page previously he/she was.

这样一个简单的方法,当我浏览到http://domain.ltd/login/required时,它会重定向到http://domain.ltd/login并显示“你必须登录才能看到这个页面”这样的打印消息。 。一旦用户登录,它就会将用户重定向回他/她之前的页面。

In my case it does redirect to /login page, but doesn't print out flashdata message.

在我的情况下,它确实重定向到/登录页面,但不打印出flashdata消息。

Here is MY_Controller.php

这是MY_Controller.php

class MY_Controller extends CI_Controller {
  protected $logged_in = NULL;
  protected $is_ajax   = NULL;
  protected $user_id   = NULL;

  public function __construct() {
    parent::__construct();

    log_message("DEBUG", "session variables: " . print_r($this->session->all_userdata(), true));

    $this->logged_in = $this->session->userdata('logged_in');
    $this->is_ajax = $this->input->is_ajax_request();
    $this->user_id = $this->session->userdata('user_id');
  }
}

As you see, I print out session variables on each request.

如您所见,我在每个请求上打印出会话变量。

Here is the output of the sessions over HTTP request:

以下是HTTP请求的会话输出:

DEBUG - 2016-01-03 07:17:27 --> session variables: Array
(
    [__ci_last_regenerate] => 1451805447
)

Here is the output of the sessions over HTTPS request:

以下是HTTPS请求的会话输出:

DEBUG - 2016-01-03 07:19:44 --> session variables: Array
(
    [__ci_last_regenerate] => 1451805564
    [redirect_back] => https://jupiter.rjv.me/book/1497-sefiller-viktor-mari-huqo
)

I haven't changed any code, just tried on both requests, HTTP and HTTPS. The session outputs are different. One doesn't save, the other does. I hope this would help you to identify the problem.

我没有更改任何代码,只是尝试了两个请求,HTTP和HTTPS。会议结果不同。一个不保存,另一个保存。我希望这可以帮助您找出问题所在。

1 个解决方案

#1

1  

I was actually modifying headers on my .htaccess file and one rule was causing the issue. See the commented line - that line was the issue.

我实际上正在修改.htaccess文件中的标题,并且一条规则导致了问题。请参阅注释行 - 该行是问题所在。

<IfModule mod_headers.c>
    Header append Vary User-Agent env=!dont-vary
    Header set X-XSS-Protection: "1; mode=block"
    Header unset Server
    Header set X-Content-Security-Policy "allow 'self';"
    # Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
</IfModule>

#1

1  

I was actually modifying headers on my .htaccess file and one rule was causing the issue. See the commented line - that line was the issue.

我实际上正在修改.htaccess文件中的标题,并且一条规则导致了问题。请参阅注释行 - 该行是问题所在。

<IfModule mod_headers.c>
    Header append Vary User-Agent env=!dont-vary
    Header set X-XSS-Protection: "1; mode=block"
    Header unset Server
    Header set X-Content-Security-Policy "allow 'self';"
    # Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
</IfModule>
标签:

相关文章