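In RFC 2965, Set-Cookie2 supports specifying a Port, but what browsers commonly support today is the earlier RFC 2109 Set-Cookie, which does not care about the port. So on the same IP (or domain name), if the cookie name is the same (sid in your example), then even though the two applications run on different ports, the later cookie will still overwrite the earlier one. So for different applications, please use different cookie names (that is, change the value of the session_key parameter).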

References:
---
http://tools.ietf.org/html/rfc2109
http://tools.ietf.org/html/rfc2965
http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies (see the Scope section)

2011/9/22 Beckheng Lam <[email protected]>

> Oh, so it can be done that way, interesting. Why doesn't the default behavior keep the sessions separate?
> Thanks!
>
> On 2011-09-21 22:03, cnhack TNT wrote:
>
> Try changing session_key in the two programs to different values.
>
> 2011/9/21 Beckheng Lam <[email protected]>
>
>> Hi All,
>>
>> Thanks for reading.
>>
>> My development environment:
>> v5.10.1 (*) built for x86_64-linux-gnu-thread-multi
>> Plack (0.9982)
>> Plack::Middleware::Session (0.14)
>>
>> My script runs into this problem.
>> Just to test this case, I use the script copied from
>> http://d.hatena.ne.jp/punitan/20101222/1293045593
>> There are two scripts now. One is test-plack-session-state22.psgi, the other
>> is test-plack-session-state.psgi.
>> They are the same except for the session data directory.
>> One listens on port 5300, the other listens on port 5400.
>>
>> Steps:
>>
>> Step 1. http://192.168.1.196:5300/
>> Show: plack_session=18b24617936ee7bacc055de23689020abedac411;
>> sid=1cd6cbace42e4847cd4918b2a6de06d9ff965a36 session is not verified
>>
>> Step 2. http://192.168.1.196:5400/
>> Show: plack_session=18b24617936ee7bacc055de23689020abedac411;
>> sid=2cfde1a38753da45b9e8f0493439f5847cc1e304 session is not verified
>>
>> Step 3. http://192.168.1.196:5300/login?password=foo
>> Show: plack_session=18b24617936ee7bacc055de23689020abedac411;
>> sid=5bad50cbc93b09d1268cbbebdc087516bd8d1c34 correct password
>>
>> Step 4. http://192.168.1.196:5300/
>> Show: plack_session=18b24617936ee7bacc055de23689020abedac411;
>> sid=5bad50cbc93b09d1268cbbebdc087516bd8d1c34 *verified session*
>>
>> Step 5. http://192.168.1.196:5400/
>> Show: plack_session=18b24617936ee7bacc055de23689020abedac411;
>> sid=b93f28c26a7d08479a5ed3949f24ea535368e255 session is not verified
>>
>> Step 6. http://192.168.1.196:5300/
>> Show: plack_session=18b24617936ee7bacc055de23689020abedac411;
>> sid=8db48bb861b56167ab233731a89c18402283371d *session is not verified*
>>
>> The *verified session* becomes *not verified*. If I use
>> http://127.0.0.1:5400 to access it, the *verified session* will be kept.
>> That's what I ran into. I hope the session can be kept even though there are
>> several applications listening on the same IP address.
>> Could anybody give me some advice?
>>
>> Thanks again!
>
> --
> My blog -- http://blog.yixinit.com/
> All phenomena arise from causes; the Tathagata has explained their cause.
> The cessation of those causes as well; thus teaches the Great Ascetic.
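
The overwrite described in the reply at the top of this thread, replayed as an added example (not code from the thread or from Plack): Python's standard `http.cookiejar.CookieJar` plays the browser and the six steps of the original report are run against two simulated apps. The `App` class, the `replay` function and the cookie names `sid_5300`/`sid_5400` are hypothetical stand-ins for the two PSGI apps and their `session_key` values.

```python
import secrets
import urllib.request
from email.message import Message
from http.cookiejar import CookieJar

HOST = "192.168.1.196"  # address used in the thread


class Response:
    """Minimal response object: CookieJar only calls .info() on it."""
    def __init__(self, set_cookie):
        self.headers = Message()
        self.headers["Set-Cookie"] = set_cookie

    def info(self):
        return self.headers


class App:
    """Hypothetical stand-in for one PSGI app with its own session store."""
    def __init__(self, port, session_key):
        self.port, self.session_key = port, session_key
        self.sessions = {}  # session id -> verified flag

    def get(self, jar, path="/"):
        req = urllib.request.Request(f"http://{HOST}:{self.port}{path}")
        jar.add_cookie_header(req)  # the client picks cookies by host and path
        header = req.get_header("Cookie") or ""
        sent = dict(c.split("=", 1) for c in header.split("; ") if c)
        sid = sent.get(self.session_key)
        if sid not in self.sessions:  # id issued by the other app: start over
            sid = secrets.token_hex(20)
            self.sessions[sid] = False
        if path.startswith("/login"):
            self.sessions[sid] = True
        jar.extract_cookies(Response(f"{self.session_key}={sid}; Path=/"), req)
        return self.sessions[sid]


def replay(key_5300, key_5400):
    """Run steps 1-6; return (verified at step 6, cookies held by the client)."""
    jar, a, b = CookieJar(), App(5300, key_5300), App(5400, key_5400)
    a.get(jar)                         # step 1
    b.get(jar)                         # step 2
    a.get(jar, "/login?password=foo")  # step 3
    a.get(jar)                         # step 4: verified session
    b.get(jar)                         # step 5: same name -> cookie replaced
    return a.get(jar), len(jar)        # step 6
```

With the shared name the jar holds a single cookie that both ports keep rewriting; with distinct names it holds two and the login on port 5300 survives the visit to port 5400.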
