更新:
我想知道是否有人可以查看我的答案,看看是否有任何漏洞。
在以下位置使用编码和会话时,有一个记录良好的问题:
Duplicated "set-cookie: ci-session" fields in header by codeigniter
总之,每次调用set_userdata时,codeigniter都会执行set-cookie。
我找到了部分解决方案:
http://ha17.com/1745-bigip-f5-header-max-size-collides-with-codeigniters-bizarre-session-class/
此解决方案的唯一问题是需要在任何地方插入代码。有没有一种简单的方法来清除所有标题?我已经修改了一些代码来删除php错误,但有没有办法可以使用钩子或什么?
<?php
class MY_Controller extends CI_Controller
{
public function __construct()
{
parent:: __construct();
}
//See (modified from) http://ha17.com/1745-bigip-f5-header-max-size-collides-with-codeigniters-bizarre-session-class/
protected function _removeDuplicateCookieHeaders ()
{
// clean up all the cookies that are set...
$headers = headers_list();
$cookies_to_output = array ();
$header_session_cookie = '';
$session_cookie_name = $this->config->item('sess_cookie_name');
foreach ($headers as $header)
{
list ($header_type, $data) = explode (':', $header, 2);
$header_type = trim ($header_type);
$data = trim ($data);
if (strtolower ($header_type) == 'set-cookie')
{
header_remove ('Set-Cookie');
$cookie_value = current(explode (';', $data));
list ($key, $val) = explode ('=', $cookie_value);
$key = trim ($key);
if ($key == $session_cookie_name)
{
// OVERWRITE IT (yes! do it!)
$header_session_cookie = $data;
continue;
}
else
{
// Not a session related cookie, add it as normal. Might be a CSRF or some other cookie we are setting
$cookies_to_output[] = array ('header_type' => $header_type, 'data' => $data);
}
}
}
if ( ! empty ($header_session_cookie))
{
$cookies_to_output[] = array ('header_type' => 'Set-Cookie', 'data' => $header_session_cookie);
}
foreach ($cookies_to_output as $cookie)
{
header ("{$cookie['header_type']}: {$cookie['data']}", false);
}
}
}
答案 0 :(得分:1)
编辑:如果您使用的是$ this-&gt; load-&gt; view(),请仅使用此代码。如果你在控制器中使用echo,那么在删除标题之前会导致输出甚至被删除。
EDIT需要php 5.3或更新版本。
我找到了一种方式,我认为我可以帮助其他人解决这个问题。我还没有完美地测试它,但它似乎有效。
应用/钩/ session_cookie_fixer.php
<?php
class SessionCookieFixer
{
//See (modified from) http://ha17.com/1745-bigip-f5-header-max-size-collides-with-codeigniters-bizarre-session-class/
function removeDuplicateSessionCookieHeaders ()
{
$CI = &get_instance();
// clean up all the cookies that are set...
$headers = headers_list();
$cookies_to_output = array ();
$header_session_cookie = '';
$session_cookie_name = $CI->config->item('sess_cookie_name');
foreach ($headers as $header)
{
list ($header_type, $data) = explode (':', $header, 2);
$header_type = trim ($header_type);
$data = trim ($data);
if (strtolower ($header_type) == 'set-cookie')
{
header_remove ('Set-Cookie');
$cookie_value = current(explode (';', $data));
list ($key, $val) = explode ('=', $cookie_value);
$key = trim ($key);
if ($key == $session_cookie_name)
{
// OVERWRITE IT (yes! do it!)
$header_session_cookie = $data;
continue;
}
else
{
// Not a session related cookie, add it as normal. Might be a CSRF or some other cookie we are setting
$cookies_to_output[] = array ('header_type' => $header_type, 'data' => $data);
}
}
}
if ( ! empty ($header_session_cookie))
{
$cookies_to_output[] = array ('header_type' => 'Set-Cookie', 'data' => $header_session_cookie);
}
foreach ($cookies_to_output as $cookie)
{
header ("{$cookie['header_type']}: {$cookie['data']}", false);
}
}
}
?>
应用/配置/ hooks.php
$hook['post_controller'][] = array(
'class' => 'SessionCookieFixer',
'function' => 'removeDuplicateSessionCookieHeaders',
'filename' => 'session_cookie_fixer.php',
'filepath' => 'hooks',
'params' => array()
);
答案 1 :(得分:0)
如果我正确理解您的代码,您计划让所有控制器扩展MY_Controller,然后在每个(或可能只是相关的)控制器中调用
$this->_removeDuplicateCookieHeaders()
其他替代方案
添加一个钩子(http://ellislab.com/codeigniter/user-guide/general/hooks.html)
$hook['post_controller_constructor'][] = array(
'class' => '',
'function' => 'removeDuplicateCookies',
'filename' => 'removeDuplicateCookies.php',
'filepath' => 'hooks',
);
或创建帮助(或库取决于您的偏好)您可以通过编辑application/config/autoload.php