fix(uoj/1/app/models): session issue caused by wrong cookie domain

After we changed the detection of the real httpHost value, the token check will fail when registering.
A long time ago we just simply added "Session_Start();" at the beginning of uoj/1/app/index.php.
It temporarily solved the problem but caused another series of issues that we can't see from outside.
There is also a session_start() when executing Session::init() while importing app/libs/uoj-lib.php.
So, when we add one more "Session_Start();" it will execute this one more time and just cause warnings:
> session_name(): Cannot change session name when session is active
> PHP Warning:  ini_set(): A session is active. You cannot change the session module's ini settings at this time
And the session name, session path and session domain will not be set, which may cause other problems.
The reason is that when UOJContext::httpHost() is used as the web hostname by default, it adds the port at the end.
When using an IP, validateIP() will return false; when using a domain with a port, the cookie domain will be set wrongly.
As a result, the register process throws the "Expired" error and refuses to register, and other uses of the token will fail too.
We made it cut off the port when setting the cookie domain, and also changed the style of UOJContext::httpHost() to make it easier to read.
With this problem known and solved, the "Session_Start();" in index.php will also say bye-bye, and there will be no multiple session_start()s.

NOTICE: If you have set all your information to yours in .config.php, and are not using an address with a port other than 80, you may not face this problem.
But the PHP warning will consistently be shown in the error log file. So kick the annoying warning information out if you are angry with this ;-)
Masco Skray 2018-10-11 18:46:58 +08:00
parent 47320c8758
commit 923e1e61f8
2 changed files with 8 additions and 3 deletions

@ -53,13 +53,20 @@ class UOJContext {
return $_SERVER['REQUEST_METHOD'];
}
public static function httpHost() {
return isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
return $_SERVER['HTTP_X_FORWARDED_HOST'];
} else if (isset($_SERVER['HTTP_HOST'])) {
return $_SERVER['HTTP_HOST'];
} else {
return $_SERVER['SERVER_NAME'].($_SERVER['SERVER_PORT'] == '80' ? '' : ':'.$_SERVER['SERVER_PORT']);
}
}
public static function cookieDomain() {
$domain = UOJConfig::$data['web']['domain'];
if ($domain === null) {
$domain = UOJConfig::$data['web']['main']['host'];
}
$domain = array_shift(explode(':', $domain));
if (validateIP($domain)) {
$domain = '';
} else {
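Review bot: In cookieDomain(), `$domain = array_shift(explode(':', $domain));` passes a function result to array_shift(), which takes its argument by reference, so PHP reports "Only variables should be passed by reference" on every call, adding a new log message in a commit meant to remove some. `explode(':', $domain, 2)[0]` gives the same result without it. Splitting on the first colon also cuts a bracketed IPv6 literal short before validateIP() sees it, which deserves a comment or a dedicated case. In httpHost(), the X-Forwarded-Host and Host headers are still returned as sent by the client, and the new SERVER_NAME fallback only suppresses port 80, so a default HTTPS port would be appended as `:443`; callers that build links or compare hosts from this value should check it against the configured host.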

@ -1,7 +1,5 @@
<?php
Session_Start();
require $_SERVER['DOCUMENT_ROOT'] . '/app/libs/uoj-lib.php';
require UOJContext::documentRoot().'/app/route.php';
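Review bot: Nothing in index.php records why the session must not be started here: with `Session_Start();` gone, the session is started only as a side effect of the `require` of uoj-lib.php on the next line, as the commit message describes for Session::init(). A one-line comment above that `require`, or a session_status() check in the init code before the session name and cookie settings are applied, would keep a later edit from reintroducing the double start and the "Cannot change session name when session is active" warning. The hunk header announces 7 lines becoming 5 but only one removed line is visible, so the second deletion should be looked at as well.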