php - 当表单从 PHP 中的其他网站发布时,会话和 cookie 会自动销毁
问题描述
当表单从 PHP 5.6 中的其他网站提交(发布)时,会话和 cookie 会自动销毁(我无法更新 php 版本,因为它是一个大网站,现有代码是大约 10 年前编写的)
其他网站代码:
<html>
<body>
<form action="https://www.anydomain.com/payment/c_process_payment.php?code=pass" method="post">
<input name="asdfasdf" type="text" value="asdfasdf">
<input type="submit" />
</form>
</body>
</html>
我的网站代码:
<?php
session_start();
echo "post<br>";
var_dump($_POST);
echo "GET<br>";
var_dump($_GET);
echo "session<br>";
var_dump($_SESSION);
echo "cookie<br>";
var_dump($_COOKIE);
?>
.htaccess 文件
ErrorDocument 500 /error-docs/500.shtml
ErrorDocument 404 /404.html
RewriteEngine on
Options +Followsymlinks
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteBase /
RewriteEngine On
RewriteCond %{HTTP_HOST} ^[0-9a-zA-Z-]+\.[a-zA-Z]{2,}$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^([A-Za-z0-9_-]+)/([A-Za-z0-9_-]+)/([A-Za-z0-9_-]+)/([0-9]+)$ ./CustomerHomeDetail.php?RememberCountry1=$1&RememberCityID1=$2&rest=$3&branchID=$4[L]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^([A-Za-z0-9_-]+)/([A-Za-z0-9_-]+)/([A-Za-z0-9_-]+)/([0-9]+)/$ ./CustomerHomeDetail.php?RememberCountry1=$1&RememberCityID1=$2&rest=$3&branchID=$4 [L]
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} (iphone|ipad|android|blackberry|windows\ phone) [NC]
RewriteCond %{HTTP_HOST} neyiyelim\.net$ [NC]
RewriteCond %{REQUEST_URI} \.(php)$
RewriteRule ^(.+)$ https://m.neyiyelim.net/$1 [R,L]
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php56” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php56 .php .php5 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php5_module>
php_flag asp_tags Off
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 64M
php_value upload_max_filesize 2M
php_value post_max_size 8M
php_value session.gc_maxlifetime 14400
php_flag zlib.output_compression Off
php_value date.timezone "Etc/GMT-3"
</IfModule>
<IfModule lsapi_module>
php_flag asp_tags Off
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 64M
php_value upload_max_filesize 2M
php_value post_max_size 8M
php_value session.gc_maxlifetime 14400
php_flag zlib.output_compression Off
php_value date.timezone "Etc/GMT-3"
</IfModule>
# END cPanel-generated php ini directives, do not edit
如果我没有从外部 URL 发布任何数据,但当我发布数据会话和 cookie 被破坏或删除时,我可以获得会话和 cookie。我增加了会话时间并尝试查找其他服务器和 php 问题,但找不到任何相关内容。
解决方案
推荐阅读
- reactjs - 使用 web3 断开钱包与网站的连接
- laravel-8 - 提交评论后,它返回错误“尝试在 laravel 8 中获取非对象的属性 'id'”
- javascript - 无法使用 Javascript 为图标设置动画
- discord-jda - 如何在 JDA 频道中使用斜杠命令?
- python - 使用不平衡数据构建 ML 分类器
- r - 在网格中排列露天地块
- powershell - 恢复脚本的最佳实践
- .net-5 - .net5 中代码覆盖率的阈值验证
- r - 当数据为长格式且条件取决于分组组合时,如何有条件地改变新列
- angularjs - 解决针对 CommonJS 或 AMD 依赖项的警告