session start() 在每个请求中创建新的会话文件条目

Question

我正在使用 Angular 2 进行跨源（Angular 2 文件位于远程服务器中的 localhost 和 api 文件）对 user.php 文件的 http post 请求。 user.php 使用 session 来确定用户的状态，问题是 session_start() 在 /tmp 文件夹中创建了一个新的 session 文件条目。

php.ini

session.auto_start  Off Off
session.cache_expire    180 180
session.cache_limiter   nocache nocache
session.cookie_domain   no value    no value
session.cookie_httponly Off Off
session.cookie_lifetime 0   0
session.cookie_path /   /
session.cookie_secure   Off Off
session.entropy_file    /dev/urandom    /dev/urandom
session.entropy_length  32  32
session.gc_divisor  1000    1000
session.gc_maxlifetime  1440    1440
session.gc_probability  1   1
session.hash_bits_per_character 5   5
session.hash_function   0   0
session.lazy_write  On  On
session.name    PHPSESSID   PHPSESSID
session.referer_check   no value    no value
session.save_handler    files   files
session.save_path   /tmp    /tmp
session.serialize_handler   php php
session.upload_progress.cleanup On  On
session.upload_progress.enabled On  On
session.upload_progress.freq    1%  1%
session.upload_progress.min_freq    1   1
session.upload_progress.name    PHP_SESSION_UPLOAD_PROGRESS   PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix  upload_progress_    upload_progress_
session.use_cookies On  On
session.use_only_cookies    On  On
session.use_strict_mode Off Off
session.use_trans_sid   0   0

用户.php

<?php

session_start();

header('Access-Control-Allow-Origin: http://votingsystem.gr:4200');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization');
header('Content-Type: application/json');

require_once 'utilities/constants.php';
// require_once 'utilities/jwt.php';
// print_r($_SESSION['id']);
// session_save_path('/tmp');
if (empty($_SESSION)) {
    $response['empty session'] = 'empty session';
} else {
    $response['not empty session'] = 'not empty( session)';
}

if (file_get_contents('php://input') != null) {

    $data = json_decode(file_get_contents('php://input'));

    // $response['action'] = $data->action;
    if ($data->action != null && !empty($data->action)) {
        // $jwt = new JWT();

        if ($data->action === 'login_admin') {
            // $_SESSION['id'] = 10;
            $_SESSION['username'] = 'admin';
            // $response['id'] = $_SESSION['id'];
            $response['username'] = $_SESSION['username'];
        } else if ($data->action === 'login_user') {
            //for mobile users
        } else if ($data->action === 'check_admin_state') {
            // $response['id'] = $_SESSION['username'];
            if (isset($_SESSION['username'])) {
                $response['code'] = STATUS_OK;
                $response['desc'] = 'User authorized.';
            } else {
                // $response['session'] = $_SESSION;
                $response['code'] = ERROR_UNAUTHORIZED_USER;
                $response['desc'] = 'User unathorized.';
            }
        } else {

        }
        // $response['code'] = STATUS_OK;
    } else {
        $response['code'] = ERROR_INVALID_ACTION;
        $response['desc'] = 'Invalid action.';
    }
    // $response['session'] = $_SESSION;
    echo json_encode($response);
}

?>

Answer 1

终于，经过数小时的挖掘，我想通了。问题是跨源请求cookie没有发送到服务器，所以我的角度代码没有发送它。我改变了这个

angular 2 代码供有兴趣的朋友参考：

    let headers = new Headers({ 'Content-Type': 'application/json' });
    let options = new RequestOptions({ headers: headers, withCredentials: true });

    let body = { action: 'login_admin', username: 'test', password: 'password' };

    return this.http.post('url',
            JSON.stringify(body), options)
        .map(this.success)
        .catch(this.error);

我加了

header('Access-Control-Allow-Credentials: true'); 

在 user.php 文件和 session_start() 不再创建新的文件条目，它按预期工作。