How to avoid unwanted session carry-over between d

Published 2019-08-04 16:59

Question:

Scenario

I have the local version of a Zend Framework application open in one Chrome tab (development environment). At the same time I have the stage or live version of the same application running on a remote server open as well. I'm logged in to one of the instances. When I try to log in to the other, this instance exits with a fatal error until I delete the cookies of the other instance, where I'm logged in first.

The domain setting on the session cookies is not identical but the carry-over still happens.

Questions

Why does that happen?
How can I avoid it?

Answer 1:

Give each server a different session name (not the default one), so that you have different sessions. This does normally work if you want to use multiple sessions next to each other (and you don't want to check the cookie settings, like taking care that the cookie works in its domain only and that next to the cookie nothing else is used to pass the ID).

In native PHP it's session_name, I assume Zend Framework has a corresponding configuration setting as well.



Answer 2:

What is the domain setting on the session cookies for both? If it's a top level one, like .example.com, then the cookie'll be shared across both systems. You could nail it down to local.example.com and remote.example.com so the session cookies are distinct and won't overlap.
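
The two suggestions above (a distinct session name per server from answer 1, a per-host cookie domain from answer 2) combined in native PHP, as an added example that is not part of either answer. The hostnames are the ones answer 2 uses; the cookie names and the function `sessionSettingsFor` are hypothetical.

```php
<?php
// Added example, not code from the original answers.
// Hostnames and cookie names are constructed placeholders.

/**
 * Session cookie settings for the host serving this request.
 * Unknown hosts are rejected, because the Host header is client-controlled.
 */
function sessionSettingsFor(string $hostHeader, bool $https): array
{
    // One distinct session name per environment (answer 1).
    $names = [
        'local.example.com'  => 'APPDEVSID',
        'remote.example.com' => 'APPLIVESID',
    ];

    // Normalise "Local.Example.com:8080" to "local.example.com".
    $host = strtolower(preg_replace('/:\d+$/', '', trim($hostHeader)));
    if (!isset($names[$host])) {
        throw new InvalidArgumentException('No session settings for host: ' . $host);
    }

    return [
        'name'   => $names[$host],
        'params' => [
            'lifetime' => 0,        // session cookie, gone when the browser closes
            'path'     => '/',
            'domain'   => $host,    // this host, not the shared ".example.com" (answer 2)
            'secure'   => $https,   // only mark Secure when served over HTTPS
            'httponly' => true,
        ],
    ];
}

// Bootstrap: must run before session_start() and before any output.
if (PHP_SAPI !== 'cli') {
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $settings = sessionSettingsFor($_SERVER['HTTP_HOST'] ?? '', $https);

    session_name($settings['name']);
    session_set_cookie_params($settings['params']); // array form: PHP 7.3+
    session_start();
}
```

Cookies the browser already holds from the earlier configuration stay there until they expire or are deleted; with a new session name they are still sent but no longer read as the session ID.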