php - 当表单从 PHP 中的其他网站发布时，会话和 cookie 会自动销毁

问题描述

当表单从 PHP 5.6 中的其他网站提交（发布）时，会话和 cookie 会自动销毁（我无法更新 php 版本，因为它是一个大网站，现有代码是大约 10 年前编写的）
其他网站代码：

<html>
   <body>
      <form action="https://www.anydomain.com/payment/c_process_payment.php?code=pass" method="post">
         <input name="asdfasdf" type="text" value="asdfasdf">
        <input type="submit" />
    
     </form>
   </body>
</html>

我的网站代码：

<?php
 session_start();
 echo "post<br>";
 var_dump($_POST);
 echo "GET<br>";
 var_dump($_GET);
 echo "session<br>";
 var_dump($_SESSION);
 echo "cookie<br>";
 var_dump($_COOKIE);
?>

.htaccess 文件

ErrorDocument 500 /error-docs/500.shtml
ErrorDocument 404 /404.html
RewriteEngine on
Options +Followsymlinks
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteBase /
RewriteEngine On
RewriteCond %{HTTP_HOST} ^[0-9a-zA-Z-]+\.[a-zA-Z]{2,}$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^([A-Za-z0-9_-]+)/([A-Za-z0-9_-]+)/([A-Za-z0-9_-]+)/([0-9]+)$ ./CustomerHomeDetail.php?RememberCountry1=$1&RememberCityID1=$2&rest=$3&branchID=$4[L]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^([A-Za-z0-9_-]+)/([A-Za-z0-9_-]+)/([A-Za-z0-9_-]+)/([0-9]+)/$ ./CustomerHomeDetail.php?RememberCountry1=$1&RememberCityID1=$2&rest=$3&branchID=$4 [L]

RewriteEngine on

RewriteCond %{HTTP_USER_AGENT} (iphone|ipad|android|blackberry|windows\ phone) [NC]


RewriteCond %{HTTP_HOST} neyiyelim\.net$ [NC]
RewriteCond %{REQUEST_URI} \.(php)$
RewriteRule ^(.+)$ https://m.neyiyelim.net/$1 [R,L]
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php56” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php56 .php .php5 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software 
 # For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
  <IfModule php5_module>
  php_flag asp_tags Off
  php_flag display_errors Off
  php_value max_execution_time 30
  php_value max_input_time 60
  php_value max_input_vars 1000
  php_value memory_limit 64M
  php_value upload_max_filesize 2M
  php_value post_max_size 8M
  php_value session.gc_maxlifetime 14400
  php_flag zlib.output_compression Off
  php_value date.timezone "Etc/GMT-3"
  </IfModule>
<IfModule lsapi_module>
   php_flag asp_tags Off
   php_flag display_errors Off
   php_value max_execution_time 30
   php_value max_input_time 60
   php_value max_input_vars 1000
   php_value memory_limit 64M
   php_value upload_max_filesize 2M
   php_value post_max_size 8M
   php_value session.gc_maxlifetime 14400
   php_flag zlib.output_compression Off
   php_value date.timezone "Etc/GMT-3"
 </IfModule>
  # END cPanel-generated php ini directives, do not edit

如果我没有从外部 URL 发布任何数据，但当我发布数据会话和 cookie 被破坏或删除时，我可以获得会话和 cookie。我增加了会话时间并尝试查找其他服务器和 php 问题，但找不到任何相关内容。

标签： phpsessioncookiesphp-5.6