thinkphp5.1 cookie跨域、thinkphp5.1 session跨域、tp5.1cookie跨域
cookie跨域:
//config/cookie.php
return [
//...
//仅7.3.0及以上适用
'samesite' => 'None',
//是否加密cookie值,false为不加密
'aeskey' => '1234'
];
//thinkphp/library/think/Cookie.php
<?php
// +----------------------------------------------------------------------
// | ThinkPHP [ WE CAN DO IT JUST THINK ]
// +----------------------------------------------------------------------
// | Copyright (c) 2006~2018 http://thinkphp.cn All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Author: liu21st <liu21st@gmail.com>
// +----------------------------------------------------------------------
namespace think;
use think\facade\Log;
class Cookie
{
/**
* 配置参数
* @var array
*/
protected $config = [
// cookie 名称前缀
'prefix' => '',
// cookie 保存时间
'expire' => 0,
// cookie 保存路径
'path' => '/',
// cookie 有效域名
'domain' => '',
// cookie 启用安全传输
'secure' => false,
// httponly设置
'httponly' => false,
// 是否使用 setcookie
'setcookie' => true,
// 加密KEY
'aeskey' => false
];
/**
* 构造方法
* @access public
*/
public function __construct(array $config = [])
{
$this->init($config);
}
/**
* Cookie初始化
* @access public
* @param array $config
* @return void
*/
public function init(array $config = [])
{
$this->config = array_merge($this->config, array_change_key_case($config));
if (!empty($this->config['httponly']) && PHP_SESSION_ACTIVE != session_status()) {
ini_set('session.cookie_httponly', 1);
}
}
public static function __make(Config $config)
{
return new static($config->pull('cookie'));
}
private function aes($str, $type = true)
{
if ($type) {
$str = time() . $this->config['expire'] . '_tp_' . $str;
return openssl_encrypt($str, 'AES-128-ECB', $this->config['aeskey']);
}
$str = openssl_decrypt($str, 'AES-128-ECB', $this->config['aeskey']);
$array = explode('_tp_', $str);
if (count($array) != 2) {
return false;
}
$time = substr($array[0], 0, 10);
$expire = substr($array[0], 10);
if ($expire && time() - $time >= $expire) {
return $expire;
}
return $array[1];
}
/**
* 设置或者获取cookie作用域(前缀)
* @access public
* @param string $prefix
* @return string|void
*/
public function prefix($prefix = '')
{
if (empty($prefix)) {
return $this->config['prefix'];
}
$this->config['prefix'] = $prefix;
}
/**
* Cookie 设置、获取、删除
*
* @access public
* @param string $name cookie名称
* @param mixed $value cookie值
* @param mixed $option 可选参数 可能会是 null|integer|string
* @return void
*/
public function set($name, $value = '', $option = null)
{
// 参数设置(会覆盖黙认设置)
if (!is_null($option)) {
if (is_numeric($option)) {
$option = ['expire' => $option];
} elseif (is_string($option)) {
parse_str($option, $option);
}
$config = array_merge($this->config, array_change_key_case($option));
} else {
$config = $this->config;
}
$name = $config['prefix'] . $name;
// 设置cookie
if (is_array($value)) {
// array_walk_recursive($value, [$this, 'jsonFormatProtect'], 'encode');
// $value = 'think:' . json_encode($value);
$value = serialize($value);
}
$value = urlencode($this->config['aeskey'] ? $this->aes($value) : $value);
// $value = $this->config['aeskey'];
Log::write($this->config, 'error');
$expire = !empty($config['expire']) ? $_SERVER['REQUEST_TIME'] + intval($config['expire']) : 0;
if ($config['setcookie']) {
$this->setCookie($name, $value, $expire, $config);
}
$_COOKIE[$name] = $value;
}
/**
* Cookie 设置保存
*
* @access public
* @param string $name cookie名称
* @param mixed $value cookie值
* @param array $option 可选参数
* @return void
*/
protected function setCookie($name, $value, $expire, $option = [])
{
Log::write($option, 'error');
if ($option['aeskey']) {
unset($option['aeskey']);
}
if (request()->isMobile()) {
$option['domain'] = '';
}
if (version_compare(PHP_VERSION, '7.3.0', '>=')) {
setcookie($name, $value, [
'expires' => $expire,
'path' => $option['path'],
'domain' => $option['domain'],
'secure' => $option['secure'],
'httponly' => $option['httponly'],
'samesite' => $option['samesite'],
]);
} else {
setcookie($name, $value, $expire, $option['path'], $option['domain'], $option['secure'], $option['httponly']);
// setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
}
}
/**
* 永久保存Cookie数据
* @access public
* @param string $name cookie名称
* @param mixed $value cookie值
* @param mixed $option 可选参数 可能会是 null|integer|string
* @return void
*/
public function forever($name, $value = '', $option = null)
{
if (is_null($option) || is_numeric($option)) {
$option = [];
}
$option['expire'] = 315360000;
$this->set($name, $value, $option);
}
/**
* 判断Cookie数据
* @access public
* @param string $name cookie名称
* @param string|null $prefix cookie前缀
* @return bool
*/
public function has($name, $prefix = null)
{
$prefix = !is_null($prefix) ? $prefix : $this->config['prefix'];
$name = $prefix . $name;
return isset($_COOKIE[$name]);
}
/**
* Cookie获取
* @access public
* @param string $name cookie名称 留空获取全部
* @param string|null $prefix cookie前缀
* @return mixed
*/
public function get($name = '', $prefix = null)
{
$prefix = !is_null($prefix) ? $prefix : $this->config['prefix'];
$key = $prefix . $name;
if ('' == $name) {
if ($prefix) {
$value = [];
foreach ($_COOKIE as $k => $val) {
if (0 === strpos($k, $prefix)) {
$value[$k] = $val;
}
}
} else {
$value = $_COOKIE;
}
} elseif (isset($_COOKIE[$key])) {
$value = $_COOKIE[$key];
$str = urldecode($value);
$str = $this->config['aeskey'] ? $this->aes($str, false) : $str;
try {
$value = unserialize($str);
} catch (Exception $e) {
$value = $str;
}
// $value = $this->config['aeskey'];
/* if (0 === strpos($value, 'think:')) {
$value = substr($value, 6);
$value = json_decode($value, true);
array_walk_recursive($value, [$this, 'jsonFormatProtect'], 'decode');
} */
} else {
$value = null;
}
return $value;
}
/**
* Cookie删除
* @access public
* @param string $name cookie名称
* @param string|null $prefix cookie前缀
* @return void
*/
public function delete($name, $prefix = null)
{
$config = $this->config;
$prefix = !is_null($prefix) ? $prefix : $config['prefix'];
$name = $prefix . $name;
if ($config['setcookie']) {
$this->setcookie($name, '', $_SERVER['REQUEST_TIME'] - 3600, $config);
}
// 删除指定cookie
unset($_COOKIE[$name]);
}
/**
* Cookie清空
* @access public
* @param string|null $prefix cookie前缀
* @return void
*/
public function clear($prefix = null)
{
// 清除指定前缀的所有cookie
if (empty($_COOKIE)) {
return;
}
// 要删除的cookie前缀,不指定则删除config设置的指定前缀
$config = $this->config;
$prefix = !is_null($prefix) ? $prefix : $config['prefix'];
if ($prefix) {
// 如果前缀为空字符串将不作处理直接返回
foreach ($_COOKIE as $key => $val) {
if (0 === strpos($key, $prefix)) {
if ($config['setcookie']) {
$this->setcookie($key, '', $_SERVER['REQUEST_TIME'] - 3600, $config);
}
unset($_COOKIE[$key]);
}
}
}
return;
}
private function jsonFormatProtect(&$val, $key, $type = 'encode')
{
if (!empty($val) && true !== $val) {
$val = 'decode' == $type ? urldecode($val) : urlencode($val);
}
}
}
session跨域
//config/session.php
<?php
// +----------------------------------------------------------------------
// | ThinkPHP [ WE CAN DO IT JUST THINK ]
// +----------------------------------------------------------------------
// | Copyright (c) 2006~2018 http://thinkphp.cn All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Author: liu21st <liu21st@gmail.com>
// +----------------------------------------------------------------------
// +----------------------------------------------------------------------
// | 会话设置
// +----------------------------------------------------------------------
return [
//...
//samesite None Lax
'samesite' => 'None'
];
//thinkphp/library/think/Session.php
//在官方源代码里的第170行下边增加代码
if (isset($config['secure'])) {
ini_set('session.cookie_secure', $config['secure']);
if (isset($config['samesite'])) {
ini_set('session.cookie_samesite', $config['samesite']);
}
}
版权声明:原源代码版权属于thinkphp官方,其他博主修改代码的版权属于博主个人,修改的代码仅供参考(改的位置有点多,懒得注释了),复制代码产生的一切问题由使用者自行承担。本文未经许可禁止转载、复制、重新发布,否则保留追究版权法律责任!
本文来自博客园,作者:小枫同学,除网络转载的部分,其他版权属于作者和博客园所有,未经作者或博客园许可,禁止转载、复制、重新发布完整或者部分文字、代码、图片等信息,否则将保留追究法律责任的权利(如博客侵权了您的作品,本人再次表示抱歉,请将原创地址发送至下文邮箱,核实后立刻删除。)。查阅文章的同学,由于网络爬虫严重,有些代码并不会完整贴出来或者存在bug,不过你可以发送邮件到xfstune@126.com获取新代码,记得附上文章链接
