Cookies error when connecting via ssh port forwarding
I have a PHP script running on a remote server inside a private network. I can only reach it by forwarding the remote port 80 to local port 8080 over ssh (ssh -L ....). The script sets a cookie for authentication purposes. If I try to log in from the browser, the cookie is discarded with the error "set-cookie domain attribute is invalid for the current host url". However, if I log in from inside the private network, it works fine.
The script sets the cookie using "HTTP_HOST":
setcookie('auth',$hash,time()+$sesstime,"/",$_SERVER['HTTP_HOST'],false,false);
So when connecting via port forwarding, I see the cookie with the correct address, the same as when accessing over the internal network.
Next, logging in via the port-forwarded access (my address is 192.168.32.2):
Set-Cookie: auth=431d622765774d602236744a6472324c417c712b194e377130771f64783b7b1a3379306656033a2473; expires=Thu, 01-Apr-2021 19:06:04 GMT; Max-Age=18000000; path=/; domain=192.168.32.2:8080
Next, internal network access:
Set-Cookie: auth=001228333034422a366337452e6667435573656816157d673430427f636763447e6d632c1c566f6e64; expires=Thu, 01-Apr-2021 19:04:51 GMT; Max-Age=18000000; path=/; domain=10.10.1.2
More variables:
["REMOTE_ADDR"]=> string(11) "10.10.1.2"
["HTTP_HOST"]=> string(14) "192.168.32.2:8080"
["SERVER_NAME"]=> string(11) "10.10.1.2"
Is there any solution? I need to set up correct port-forwarded access.
Cookies are not port-specific, so removing the port from the cookie domain will solve the problem.
8.5. Weak Confidentiality
Cookies do not provide isolation by port. If a cookie is readable by a service running on one port, the cookie is also readable by a service running on another port of the same server. If a cookie is writable by a service on one port, the cookie is also writable by a service running on another port of the same server. For this reason, servers SHOULD NOT both run mutually distrusting services on different ports of the same host and use cookies to store security-sensitive information.
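As an added example (not code from the question or the answer), here is one way to apply that fix in the script: strip the port from HTTP_HOST before using it as the cookie domain, or, simpler and tighter, leave Domain unset so the browser stores a host-only cookie. It assumes $hash and $sesstime are defined as in the original script and that PHP 7.3 or later is available for the array form of setcookie().

```php
<?php
// Added example, not code from the question or its answer.
// Assumes $hash and $sesstime are defined as in the original script and
// that PHP >= 7.3 is available (array form of setcookie()).

/**
 * Return the Host header value without its optional ":port" suffix.
 * A bracketed IPv6 literal such as "[fd00::2]:8080" keeps its brackets.
 */
function cookieDomainFromHost(string $httpHost): string
{
    if ($httpHost !== '' && $httpHost[0] === '[') {
        $end = strpos($httpHost, ']');
        return $end === false ? $httpHost : substr($httpHost, 0, $end + 1);
    }
    // A hostname or IPv4 literal contains at most one colon: the port separator.
    $colon = strpos($httpHost, ':');
    return $colon === false ? $httpHost : substr($httpHost, 0, $colon);
}

// Constructed inputs mirroring the two access paths in the question.
assert(cookieDomainFromHost('192.168.32.2:8080') === '192.168.32.2');
assert(cookieDomainFromHost('10.10.1.2') === '10.10.1.2');

// Option A: keep an explicit Domain attribute, but without the port.
setcookie('auth', $hash, [
    'expires'  => time() + $sesstime,
    'path'     => '/',
    'domain'   => cookieDomainFromHost($_SERVER['HTTP_HOST'] ?? ''),
    'secure'   => false,   // plain HTTP through the ssh tunnel, as in the question
    'httponly' => true,    // hardening: keep the auth token away from page scripts
    'samesite' => 'Lax',
]);

// Option B (simpler and tighter): omit Domain entirely. The browser then
// stores a host-only cookie bound to exactly the host it talked to, which
// works for both 192.168.32.2:8080 and 10.10.1.2 without any string handling.
// setcookie('auth', $hash, ['expires' => time() + $sesstime, 'path' => '/',
//                           'httponly' => true, 'samesite' => 'Lax']);
```

Because cookies ignore the port either way, both options give the same scope once the port is gone; Option B just avoids sending a Domain attribute the browser will only compare against the request host anyway.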