ie and session Lost of New window cookie lost measurement and solutions
- 2020-07-21 07:18:15
- OfStack
Today, in a group, someone asked open using js in ie6, found a new window and failed to get session.
After testing with the following test code, it was found that because the phpsessionid storage is a process-level expiration, only the same process can be obtained. Many people said that after open or target="_blank", the new ie process will be opened.
Therefore, phpsessionid of the previous window does not follow the new window, resulting in failure to obtain.
My own tests using ietest,6/7/8(9 doesn't boot up, not sure), all show the same pattern.
This is not the case with ie10, which comes with windows.
chrome is also multithreaded, but this does not exist.
This is not the case with firefox.
index.php
b.php jump out of the page
From the test, if the cookie setting is delayed timing failure, rather than process level, it will also be seen after open,
Therefore, in this case, to prevent users from losing their login status when using the ie kernel, we can cooperate with cookie to use it.
The php configuration provides 1 way to automatically add sid to uri, but does not automatically add relative paths,
It's just that the extreme case of cookie being banned is rarely encountered,
cookie+session is sufficient for common use.
After testing with the following test code, it was found that because the phpsessionid storage is a process-level expiration, only the same process can be obtained. Many people said that after open or target="_blank", the new ie process will be opened.
Therefore, phpsessionid of the previous window does not follow the new window, resulting in failure to obtain.
My own tests using ietest,6/7/8(9 doesn't boot up, not sure), all show the same pattern.
This is not the case with ie10, which comes with windows.
chrome is also multithreaded, but this does not exist.
This is not the case with firefox.
index.php
<?php
setcookie('kkkkk','bbbb', time() + 1111111);
session_start();
$_SESSION['qidizi'] = 'kkkk';
var_dump( $_SESSION,$_COOKIE);
?>
<input type="button" value="d" onclick="window.open('./b.php');" />
<a href="b.php" target="_blank">dddd</a>
b.php jump out of the page
<?php
session_start();
var_dump( $_SESSION,$_COOKIE);
From the test, if the cookie setting is delayed timing failure, rather than process level, it will also be seen after open,
Therefore, in this case, to prevent users from losing their login status when using the ie kernel, we can cooperate with cookie to use it.
The php configuration provides 1 way to automatically add sid to uri, but does not automatically add relative paths,
It's just that the extreme case of cookie being banned is rarely encountered,
cookie+session is sufficient for common use.