I have a website where the login info is optionally saved in a cookie (remember me checkbox at login) and when the user logs out, the value of the authentication cookie won't change to expire the cookie allowing logout.
我有一个网站,其中登录信息可选地保存在cookie中(在登录时记住我的复选框),当用户注销时,身份验证cookie的值不会更改为允许注销的cookie到期。
The system does work correctly in both the dev and staging servers but for some reason will not work on our production server. We are running PHP 5 and Apache on all the servers.
系统在开发和登台服务器中都能正常工作,但由于某种原因,我们的生产服务器无法正常工作。我们在所有服务器上运行PHP 5和Apache。
Thanks.
Function to set cookie (minor edits for security):
设置cookie的功能(安全性的小编辑):
function setCookieInfo($data,$expiry=0)
{
if($data === false)
{
//remove cookie!
$cookie = false;
$expiry = 100; //should be in the past enough!
}
else
{
$serial = base64_encode(serialize($data));
$hash = md5($XXX);
$cookie = $hash."---".$serial;
}
if($_SERVER['SERVER_NAME']=='localhost')
{
$domain = null;
}
else
{
$domain = '.'.$_SERVER['SERVER_NAME'];
}
return setcookie('Auth', $cookie, $expiry, $this->controller->base, $domain);
}
3 个解决方案
#1
Posting some actual code might help, but I'll hazard a guess that it has something to do with the cookie domain being used.
发布一些实际的代码可能有所帮助,但我猜测它与正在使用的cookie域有关。
#2
Grab a traffic capture (e.g. www.fiddler2.com) of the SetCookie call that is intended to delete the cookie, and ensure that the Domain is valid and the expiration time/value is as expected.
获取旨在删除cookie的SetCookie调用的流量捕获(例如www.fiddler2.com),并确保域有效且过期时间/值与预期一致。
#3
Assuming you are using the PHP setcookie() function, make sure that the domain and path for the cookie are set correctly. Check PHP's documentation for the function for more information.
假设您正在使用PHP setcookie()函数,请确保正确设置cookie的域和路径。有关更多信息,请查看PHP的文档以获取该函数。
I might be able to tell you for sure if I had a little more info. Can you provide any more information without compromising too much about the project? How about the URLs of the dev, staging, and production servers, or at least examples of what they might be like?
我或许可以告诉你我是否有更多的信息。您是否可以提供更多信息而不会过多地影响项目?开发,登台和生产服务器的URL如何,或者至少它们可能是什么样的例子?
Edit
Based upon the info you provided in your comment, I would recommend that you try using HTTP_HOST instead of SERVER_NAME. SERVER_NAME might be giving you a weird value depending upon your virtual server setup. Your path might not be quite right either - try a '/' and it should be available regardless of the subdirectory the user is in.
根据您在评论中提供的信息,我建议您尝试使用HTTP_HOST而不是SERVER_NAME。 SERVER_NAME可能会给您一个奇怪的值,具体取决于您的虚拟服务器设置。您的路径也可能不太正确 - 尝试'/',无论用户所在的子目录是什么,它都应该可用。
Also,
$this->controller->base
makes me think that you might be using CodeIgniter or Kohana. If so, you might consider using their cookie helpers.
让我觉得你可能正在使用CodeIgniter或Kohana。如果是这样,您可以考虑使用他们的cookie助手。
#1
Posting some actual code might help, but I'll hazard a guess that it has something to do with the cookie domain being used.
发布一些实际的代码可能有所帮助,但我猜测它与正在使用的cookie域有关。
#2
Grab a traffic capture (e.g. www.fiddler2.com) of the SetCookie call that is intended to delete the cookie, and ensure that the Domain is valid and the expiration time/value is as expected.
获取旨在删除cookie的SetCookie调用的流量捕获(例如www.fiddler2.com),并确保域有效且过期时间/值与预期一致。
#3
Assuming you are using the PHP setcookie() function, make sure that the domain and path for the cookie are set correctly. Check PHP's documentation for the function for more information.
假设您正在使用PHP setcookie()函数,请确保正确设置cookie的域和路径。有关更多信息,请查看PHP的文档以获取该函数。
I might be able to tell you for sure if I had a little more info. Can you provide any more information without compromising too much about the project? How about the URLs of the dev, staging, and production servers, or at least examples of what they might be like?
我或许可以告诉你我是否有更多的信息。您是否可以提供更多信息而不会过多地影响项目?开发,登台和生产服务器的URL如何,或者至少它们可能是什么样的例子?
Edit
Based upon the info you provided in your comment, I would recommend that you try using HTTP_HOST instead of SERVER_NAME. SERVER_NAME might be giving you a weird value depending upon your virtual server setup. Your path might not be quite right either - try a '/' and it should be available regardless of the subdirectory the user is in.
根据您在评论中提供的信息,我建议您尝试使用HTTP_HOST而不是SERVER_NAME。 SERVER_NAME可能会给您一个奇怪的值,具体取决于您的虚拟服务器设置。您的路径也可能不太正确 - 尝试'/',无论用户所在的子目录是什么,它都应该可用。
Also,
$this->controller->base
makes me think that you might be using CodeIgniter or Kohana. If so, you might consider using their cookie helpers.
让我觉得你可能正在使用CodeIgniter或Kohana。如果是这样,您可以考虑使用他们的cookie助手。