php setcookie 没有设置 cookie [重复]
Posted
技术标签:
【中文标题】php setcookie 没有设置 cookie [重复]【英文标题】:php setcookie isn't setting the cookie [duplicate] 【发布时间】:2018-04-09 07:54:55 【问题描述】:我有一个使用 saml 身份验证并通过 cookie 将响应传递回 SP 提供的返回 URL 的应用程序。 php代码是这样的
setcookie('auth', $cred, time() + 30, parse_url($location, PHP_URL_HOST));
error_log($_COOKIE['auth']);
header('Location: ' . $location, true, 303);
die();
重定向工作正常,但未设置 cookie。如上所示,这在 php 和我的应用程序中都得到了确认,使用 document.cookies
我已导出 HAR 以查看请求,它实际上看起来像是正在设置 cookie,但仍无法通过 document.cookie 访问它。它应该工作的方式是应用程序将 window.location 更改为进行身份验证、设置 cookie 并重定向到返回参数的 php 文件。从请求与cookie一起发送的事实来看,我猜它正在被设置,但我似乎无法访问它。
"startedDateTime": "2017-10-27T18:05:36.538Z",
"time": 271.7059999888301,
"request":
"method": "GET",
"url": "https://supportworkslab.sw.test/sw/selfservice/sso/saml_auth.php?wssinstance=selfservice&returnto=http%3A%2F%2Flocalhost%2Fsw%2Fselfservice",
"httpVersion": "HTTP/1.1",
"headers": [
"name": "Pragma",
"value": "no-cache"
,
"name": "Accept-Encoding",
"value": "gzip, deflate, br"
,
"name": "Host",
"value": "supportworkslab.sw.test"
,
"name": "Accept-Language",
"value": "en-US,en;q=0.9"
,
"name": "Upgrade-Insecure-Requests",
"value": "1"
,
"name": "User-Agent",
"value": "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (Khtml, like Gecko) Chrome/62.0.3202.62 Safari/537.36"
,
"name": "Accept",
"value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
,
"name": "Referer",
"value": "http://localhost/sw/selfservice/"
,
"name": "Cookie",
"value": "auth=eyJzdWNjZXNzIjoiQXV0aGVudGljYXRpb24gc3VjY2VzcyEiLCJjdXN0aWQiOiJhbGFuYyIsInNlc3Npb25JZCI6IjU5ZjM2MGRjLTBhOTI5NWFlLTQxYzEiLCJ3ZWJGbGFncyI6IjIxNDc0ODk1NTEiLCJjYWxsQ2xhc3MiOiJJbmNpZGVudCIsImFzc2lnbkdyb3VwIjoiU1VQUE9SVCIsImFzc2lnbkFuYWx5c3QiOiIifQ%3D%3D; SimpleSAMLAuthToken=_04a2be772f96fad7c5e2452846c05df5cbd570305e; SimpleSAML=62d6b2ebea7f66b0360a328dcb4f77a7; PHPSESSID=k9hpb09i3omt43bv7gireeuid0"
,
"name": "Connection",
"value": "keep-alive"
,
"name": "Cache-Control",
"value": "no-cache"
],
"queryString": [
"name": "wssinstance",
"value": "selfservice"
,
"name": "returnto",
"value": "http%3A%2F%2Flocalhost%2Fsw%2Fselfservice"
],
"cookies": [
"name": "auth",
"value": "eyJzdWNjZXNzIjoiQXV0aGVudGljYXRpb24gc3VjY2VzcyEiLCJjdXN0aWQiOiJhbGFuYyIsInNlc3Npb25JZCI6IjU5ZjM2MGRjLTBhOTI5NWFlLTQxYzEiLCJ3ZWJGbGFncyI6IjIxNDc0ODk1NTEiLCJjYWxsQ2xhc3MiOiJJbmNpZGVudCIsImFzc2lnbkdyb3VwIjoiU1VQUE9SVCIsImFzc2lnbkFuYWx5c3QiOiIifQ%3D%3D",
"expires": null,
"httpOnly": false,
"secure": false
,
"name": "SimpleSAMLAuthToken",
"value": "_04a2be772f96fad7c5e2452846c05df5cbd570305e",
"expires": null,
"httpOnly": false,
"secure": false
,
"name": "SimpleSAML",
"value": "62d6b2ebea7f66b0360a328dcb4f77a7",
"expires": null,
"httpOnly": false,
"secure": false
,
"name": "PHPSESSID",
"value": "k9hpb09i3omt43bv7gireeuid0",
"expires": null,
"httpOnly": false,
"secure": false
],
"headersSize": 996,
"bodySize": 0
,
"response":
"status": 303,
"statusText": "See Other",
"httpVersion": "HTTP/1.1",
"headers": [
"name": "Pragma",
"value": "no-cache"
,
"name": "Date",
"value": "Fri, 27 Oct 2017 18:05:36 GMT"
,
"name": "Server",
"value": "Apache"
,
"name": "Content-Type",
"value": "text/html"
,
"name": "Location",
"value": "http://localhost/sw/selfservice"
,
"name": "Set-Cookie",
"value": "SimpleSAML=62d6b2ebea7f66b0360a328dcb4f77a7; path=/; HttpOnly"
,
"name": "Set-Cookie",
"value": "PHPSESSID=k9hpb09i3omt43bv7gireeuid0; path=/; HttpOnly"
,
"name": "Set-Cookie",
"value": "auth=eyJzdWNjZXNzIjoiQXV0aGVudGljYXRpb24gc3VjY2VzcyEiLCJjdXN0aWQiOiJhbGFuYyIsInNlc3Npb25JZCI6IjU5ZjM3NTcwLTBhZTJmNzAzLTNmMTIiLCJ3ZWJGbGFncyI6IjIxNDc0ODk1NTEiLCJjYWxsQ2xhc3MiOiJJbmNpZGVudCIsImFzc2lnbkdyb3VwIjoiU1VQUE9SVCIsImFzc2lnbkFuYWx5c3QiOiIifQ%3D%3D; expires=Fri, 27-Oct-2017 18:06:36 GMT; Max-Age=60; domain=localhost"
,
"name": "Cache-Control",
"value": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
,
"name": "Content-Security-Policy",
"value": "default-src 'self' *.sw.test; frame-src *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com *.twimg.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; img-src 'self' data: *.twimg.com *.twitter.com;"
,
"name": "Connection",
"value": "Keep-Alive"
,
"name": "Keep-Alive",
"value": "timeout=5, max=100"
,
"name": "Content-Length",
"value": "0"
,
"name": "Expires",
"value": "Thu, 19 Nov 1981 08:52:00 GMT"
],
"cookies": [
"name": "SimpleSAML",
"value": "62d6b2ebea7f66b0360a328dcb4f77a7",
"path": "/",
"expires": null,
"httpOnly": true,
"secure": false
,
"name": "PHPSESSID",
"value": "k9hpb09i3omt43bv7gireeuid0",
"path": "/",
"expires": null,
"httpOnly": true,
"secure": false
,
"name": "auth",
"value": "eyJzdWNjZXNzIjoiQXV0aGVudGljYXRpb24gc3VjY2VzcyEiLCJjdXN0aWQiOiJhbGFuYyIsInNlc3Npb25JZCI6IjU5ZjM3NTcwLTBhZTJmNzAzLTNmMTIiLCJ3ZWJGbGFncyI6IjIxNDc0ODk1NTEiLCJjYWxsQ2xhc3MiOiJJbmNpZGVudCIsImFzc2lnbkdyb3VwIjoiU1VQUE9SVCIsImFzc2lnbkFuYWx5c3QiOiIifQ%3D%3D",
"domain": "localhost",
"expires": "2017-10-27T18:06:36.254Z",
"httpOnly": false,
"secure": false
],
"content":
"size": 0,
"mimeType": "text/html",
"compression": 0
,
"redirectURL": "http://localhost/sw/selfservice",
"headersSize": 1104,
"bodySize": 0,
"_transferSize": 1104
,
【问题讨论】:
重新加载那个页面,你会看到cookie可能会被设置,然后检查它是否被设置。$_COOKIE
显示传入 cookie。要诊断问题,您应该使用浏览器开发者工具。
@ÁlvaroGonzález 我一直在这样做,即使响应确实具有正确的 set-cookie 标头,也没有设置 cookie
在您的问题中显示响应标头 (wget -S
);详述域名等
我可以看到Set-Cookie: auth=eyJ...%3D%3D; expires=Fri, 27-Oct-2017 18:06:36 GMT; Max-Age=60; domain=localhost
。请检查链接的问题。
【参考方案1】:
确保您的 $cred 变量已定义且字符串有效
确保 $location 上的 parse_url() 函数的结果返回一个有效字符串....它必须与您工作的域完全匹配,因此请注意子域问题。
显然,请确保您在过期前检查...60 秒。
【讨论】:
是的,我意识到我没有给它太多时间,但这应该足以让应用程序检查我们是否通过了身份验证。以上是关于php setcookie 没有设置 cookie [重复]的主要内容,如果未能解决你的问题,请参考以下文章
PHP:setcookie() 和 unset() 不删除 cookie