为什么我的 PHP 会话会死掉?为什么我不能恢复它们?
我有一个使用 PHP 和 PayPal API 的应用程序.获取付款的基本方式是您对 PayPal 进行 Web 服务调用以获取令牌,然后使用该令牌将浏览器重定向到 PayPal 以供用户支付.确认付款详细信息后,PayPal 会重定向回您最初在服务调用中设置的 URL.
I have an app using PHP and the PayPal API. The basic way it works to get a payment is that you do a web service call to PayPal to get a token and then do a browser redirect to PayPal with that token for the user to pay. After the payment details have been confirmed, PayPal redirects back to the URL you originally set in the service call.
这一切都有效,每天有数百万人使用它,等等.
This all works, millions of people use it every day, et cetera.
奇怪的是,当 PayPal 重定向回来时,PHP 会话消失了.这是一个有据可查的问题.
Strange thing is, when PayPal redirects back, the PHP session is gone. It's a well-documented issue.
第一个问题:为什么会这样?两个页面都在同一个域中,都使用 HTTPS.该会话适用于所有请求,直到 PayPal 重定向回来.
First question: why is this happening? Both pages are on the same domain, both use HTTPS. The session works for all requests up until the PayPal redirect back.
链接的论坛帖子提出了一种解决方法,将会话 ID 保留在 PayPal 请求中,然后稍后检索它并恢复会话.很好,但它似乎不起作用.
The linked forum thread suggests a workaround, to persist the session ID in the PayPal request and then to retrieve it later and restore the session. Great, except it doesn't seem to work.
我可以添加一些日志语句:
I can add some log statements:
log(session_id());
在各种重定向之前和之后.从 PayPal 回来后,我又记录了一些.
before and after the various redirects. When coming back from PayPal, I log some more.
log("session id is " . session_id());
$session_id = get_session_id_from_paypal();
log("setting it back to " . $session_id);
session_id($session_id);
session_start();
log("session id is now " . session_id());
结果完全不是我所期望的:
The result is not at all what I'd expect:
session_id
是 fc8f459a186a3f4695ff9ac71b563825
将其设置回 82460dcf8c8ddd538466e7cb89712e72session_id
现在是 360ba3fd99d233e0735397278d2b2e55
session_id
is fc8f459a186a3f4695ff9ac71b563825
setting it back to 82460dcf8c8ddd538466e7cb89712e72
session_id
is now 360ba3fd99d233e0735397278d2b2e55
第二个问题:为什么会话 ID 根本不是我设置的?我究竟做错了什么?或者,至少,为什么没有一个会话变量返回?
Second question: why is the session id not at all what I set it to? What am I doing wrong? Or, at least, why do none of the session variables come back?
推荐答案
只是一个想法...
您是否将 session.referer_check
设置为您的主机?默认值为空字符串,但它可能已更改...当页面从 PayPal返回"时,php 将删除会话信息.
Do you have session.referer_check
set to your host perhaps?
The default is the empty string, but it might have been changed ... and when the page 'comes back' from PayPal, php will trash the session info.
你可以用phpinfo()检查session.referer_check
.
You can check the session.referer_check
with phpinfo().
相关文章