此问题仅影响Firefox。其他浏览器没有问题。
我的网站上有自定义登录信息。它完美无缺,直到我添加Twitter时间轴嵌入代码。添加该代码后,登录时PHP会话值会发生变化。在signin.php上,会生成一个php会话值。按下提交并转到success.php后,会话值会更改。
可能导致这种情况的原因以及仅在Firefox中的原因?
这是我的代码:
1.PHP
<?php
session_start();
//Prevent Cross-Site Request Forgeries//
$tokengf = md5(uniqid(rand(), TRUE));
$_SESSION['tokengf'] = "$tokengf";
$_SESSION['tokengf_timestamp'] = time();
////
?>
<form action="2.php" method="post" />
<h3> Enter Your Username:</h3>
<span class="question">What is your username? </span>
<p>
<label for="username">My username is:<br />
</label>
<input type="text" name="username" id="username" value="" size="40" maxlength="85" />
</p>
<input type="hidden" name="tokengf" value="<?php echo $_SESSION['tokengf']; ?>" />
<br />
<input type="submit">
</form>
<!--Twitter Timeline-->
<a class="twitter-timeline" href="https://twitter.com/gftravelsite" data-widget-id="412977135226081280">Tweets by @gftravelsite</a>
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
这是提交到的页面:
2.PHP
<?php
session_start();
echo var_dump($_SESSION) . "<BR>";
echo print_r($_POST);
//Prevent Cross-Site Request Forgeries//
if ($_POST['tokengf'] != $_SESSION['tokengf']) {
echo "<br>post and session token values don't match.";
exit;
}
////
浏览器输出为:
array(2) { ["tokengf"]=> &string(32) "2e5b9797a3ba1e0b481f363b585c3bb1" ["tokengf_timestamp"]=> &int(1431234058) }
Array ( [username] => [tokengf] => 9bf4cca211d7a9874d954a434c21ac28 ) 1
post and session token values don't match.
使用Chrome或IE运行相同的确切页面会按预期显示此输出:
array(2) { ["tokengf"]=> &string(32) "fc28ab43754b40e6941a3f0208257de9" ["tokengf_timestamp"]=> &int(1431234321) }
Array ( [username] => [tokengf] => fc28ab43754b40e6941a3f0208257de9 ) 1
谢谢,
添