PHPSESSID:会话Cookie不包含“安全”属性

时间:2019-06-26 16:43:50

标签: php cookies session-cookies

我在网站的前端和后端运行https,但是为什么我没有得到安全标志?

我相信代码在这两个文件中:magento / framework / Stdlib / Cookie / CookieMetadata.php-> getSecure()

    /**
     * Get HTTP Only flag
     *
     * @return bool|null
     */
    public function getHttpOnly()
    {
        return $this->get(self::KEY_HTTP_ONLY);
    }

    /**
     * Get whether the cookie is only available under HTTPS
     *
     * @return bool|null
     */
    public function getSecure()
    {
        return $this->get(self::KEY_SECURE);
    }
}

magento / framework / Stdlib / Cookie / SensitiveCookieMetadata.php-> getSecure()

class SensitiveCookieMetadata extends CookieMetadata
{
    /**
     * @var RequestInterface
     */
    protected $request;

    /**
     * @param RequestInterface $request
     * @param array $metadata
     */
    public function __construct(RequestInterface $request, $metadata = [])
    {
        if (!isset($metadata[self::KEY_HTTP_ONLY])) {
            $metadata[self::KEY_HTTP_ONLY] = true;
        }
        $this->request = $request;
        parent::__construct($metadata);
    }

    /**
     * {@inheritdoc}
     */
    public function getSecure()
    {
        $this->updateSecureValue();
        return $this->get(self::KEY_SECURE);
    }

    /**
     * {@inheritdoc}
     */
    public function __toArray()
    {
        $this->updateSecureValue();
        return parent::__toArray();
    }

    /**
     * Update secure value, set it to request setting if it has no explicit value assigned.
     *
     * @return void
     */
    private function updateSecureValue()
    {
        if (null === $this->get(self::KEY_SECURE)) {
            $this->set(self::KEY_SECURE, $this->request->isSecure());
        }
    }
}

enter image description here

我尝试了几种不同的方法,但无法确保其安全。请帮助。

0 个答案:

没有答案