I've had this problem in a couple of ZF applications now and it's very frustrating:
我现在在几个ZF应用程序中遇到了这个问题,这非常令人沮丧:
Near the top of my bootstrap I have the following two lines
在我的引导程序顶部附近,我有以下两行
Zend_Session::start();
Zend_Session::regenerateId();
My application requires authentication using Zend_Auth and uses default session storage for persisting an identity. At random the session is lost giving the effect that the user has logged out. If I remove the call to Zend_Session::regenerateId() the session is not lost.
我的应用程序需要使用Zend_Auth进行身份验证,并使用默认会话存储来保持身份。随机会话丢失,从而产生用户已注销的效果。如果我删除对Zend_Session :: regenerateId()的调用,会话不会丢失。
Regenerating the session id increases security so I'd like to get this working. This problem occurs on both my local development server (windows) and our staging server (linux)
重新生成会话ID可以提高安全性,因此我希望能够正常运行。我的本地开发服务器(Windows)和我们的登台服务器(Linux)上都会出现此问题
3 个解决方案
#1
After reading your question i have been looking for a solution to your problem. Actually according to Zend Framework: Documentation the solution is quiet easy.
在阅读您的问题后,我一直在寻找您的问题的解决方案。实际上根据Zend Framework:文档解决方案很容易安静。
"If a user has successfully logged into your website, use rememberMe() instead of regenerateId()."
“如果用户已成功登录您的网站,请使用rememberMe()而不是regenerateId()。”
I hope this will help you out.
我希望这会帮助你。
Greetings,
Younes
[edit: this is the link of where i found this: Zend Framework: Documentation
[编辑:这是我发现这个的链接:Zend Framework:Documentation
#2
I've had a related problem with Zend_Session. Your session might have gotten lost due to the following problem:
我和Zend_Session有一个相关的问题。由于以下问题,您的会话可能已丢失:
try using this:
试着用这个:
Zend_Session::rememberMe(100); // any value here
Then go to any of your pages in the application with your session data set (user logged in for example) and click on the refresh button of the browser very quickly (like double clicking) for 3-5 times. You'll see that your session data has disappeared :(
然后使用会话数据集(例如用户登录)转到应用程序中的任何页面,并快速单击浏览器的刷新按钮(如双击)3-5次。你会看到你的会话数据已经消失:(
The only way I could deal with this is by not using the rememberMe() method for now. I hope somebody will shed light on this issue here. What I think is that the regenerateId() method somehow messes up the cookie value so that subsequent calls from the browser to the server do not get associated with an existing session id.
我能解决这个问题的唯一方法是暂时不使用rememberMe()方法。我希望有人能在这里阐明这个问题。我认为regenerateId()方法会以某种方式弄乱cookie值,以便从浏览器到服务器的后续调用不会与现有会话ID相关联。
#3
I have the same problem when using session cookie, when cookie has expiration everything was ok.
我在使用会话cookie时遇到同样的问题,当cookie到期时一切正常。
When using remember me function the expiration date is set to seconds given as a parameter.
使用“记住我”功能时,过期日期设置为作为参数给出的秒数。
My solution was to put session regeneration code in index.php after creating new Zend_Application and before call $application->bootstrap()->run(); , regenerating id every 5 requests.
我的解决方案是在创建新的Zend_Application之后和调用$ application-> bootstrap() - > run()之前将会话重新生成代码放在index.php中; ,每5个请求重新生成一个id。
/** Zend_Application */
require_once 'Zend/Application.php';
// Create application, bootstrap, and run
$application = new Zend_Application(
APPLICATION_ENV,
APPLICATION_PATH . '/configs/application.ini'
);
// set httponly option (when set in application.ini it dosent work)
Zend_Session::setOptions(array('cookie_httponly' => true));
//regenerate sessionid after 5 hits
$defaultNamespace = new Zend_Session_Namespace();
if ($defaultNamespace->initialized > 3) {
Zend_Session::regenerateId();
$defaultNamespace->initialized = 0;
} else {
$defaultNamespace->initialized++;
}
//run application
$application->bootstrap()->run();
#1
After reading your question i have been looking for a solution to your problem. Actually according to Zend Framework: Documentation the solution is quiet easy.
在阅读您的问题后,我一直在寻找您的问题的解决方案。实际上根据Zend Framework:文档解决方案很容易安静。
"If a user has successfully logged into your website, use rememberMe() instead of regenerateId()."
“如果用户已成功登录您的网站,请使用rememberMe()而不是regenerateId()。”
I hope this will help you out.
我希望这会帮助你。
Greetings,
Younes
[edit: this is the link of where i found this: Zend Framework: Documentation
[编辑:这是我发现这个的链接:Zend Framework:Documentation
#2
I've had a related problem with Zend_Session. Your session might have gotten lost due to the following problem:
我和Zend_Session有一个相关的问题。由于以下问题,您的会话可能已丢失:
try using this:
试着用这个:
Zend_Session::rememberMe(100); // any value here
Then go to any of your pages in the application with your session data set (user logged in for example) and click on the refresh button of the browser very quickly (like double clicking) for 3-5 times. You'll see that your session data has disappeared :(
然后使用会话数据集(例如用户登录)转到应用程序中的任何页面,并快速单击浏览器的刷新按钮(如双击)3-5次。你会看到你的会话数据已经消失:(
The only way I could deal with this is by not using the rememberMe() method for now. I hope somebody will shed light on this issue here. What I think is that the regenerateId() method somehow messes up the cookie value so that subsequent calls from the browser to the server do not get associated with an existing session id.
我能解决这个问题的唯一方法是暂时不使用rememberMe()方法。我希望有人能在这里阐明这个问题。我认为regenerateId()方法会以某种方式弄乱cookie值,以便从浏览器到服务器的后续调用不会与现有会话ID相关联。
#3
I have the same problem when using session cookie, when cookie has expiration everything was ok.
我在使用会话cookie时遇到同样的问题,当cookie到期时一切正常。
When using remember me function the expiration date is set to seconds given as a parameter.
使用“记住我”功能时,过期日期设置为作为参数给出的秒数。
My solution was to put session regeneration code in index.php after creating new Zend_Application and before call $application->bootstrap()->run(); , regenerating id every 5 requests.
我的解决方案是在创建新的Zend_Application之后和调用$ application-> bootstrap() - > run()之前将会话重新生成代码放在index.php中; ,每5个请求重新生成一个id。
/** Zend_Application */
require_once 'Zend/Application.php';
// Create application, bootstrap, and run
$application = new Zend_Application(
APPLICATION_ENV,
APPLICATION_PATH . '/configs/application.ini'
);
// set httponly option (when set in application.ini it dosent work)
Zend_Session::setOptions(array('cookie_httponly' => true));
//regenerate sessionid after 5 hits
$defaultNamespace = new Zend_Session_Namespace();
if ($defaultNamespace->initialized > 3) {
Zend_Session::regenerateId();
$defaultNamespace->initialized = 0;
} else {
$defaultNamespace->initialized++;
}
//run application
$application->bootstrap()->run();