Weibo client WebView on Android 5.1 cannot write cookies

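Our website runs inside a Sina light app, and it involves writing a session at login. We have now run into a problem we cannot explain: after login completes and the HTTP response headers include a set-cookie header, the browser issues another request, and the cookie value in that request's Cookie header is not the value set by set-cookie. Below is a packet capture: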

POST http://www.mydomain.com/?ua=Meizu-m2+note__weibo__6.3.1__android__android5.1&from=1063195010&uid=1261004702&v_p=28&containerid=1068031s5261263846s2637057287&cip=110.96.226.166&logVersion=0&container_ext=&since_id=&lang=zh_CN&v_f=0&c=android&extparam=&page=1&client=inf&imsi=460011651619481&featurecode=10000085&wm=5311_4002&lfid=2302835261263846&luicode=10000198 HTTP/1.1
Host: www.mydomain.com
Connection: keep-alive
Content-Length: 409
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://apps.weibo.com
User-Agent: Mozilla/5.0 (Linux; Android 5.1; m2 note Build/LMY47D) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/40.0.2214.114 Mobile Safari/537.36 Weibo (Meizu-m2 note__weibo__6.3.1__android__android5.1)
Content-Type: application/x-www-form-urlencoded
Referer: http://apps.weibo.com/5261263846/8s07tBVd?ua=Meizu-m2+note__weibo__6.3.1__android__android5.1&from=1063195010&uid=1261004702&v_p=28&containerid=1068031s5261263846s2637057287&cip=110.96.226.166&logVersion=0&container_ext=&since_id=&lang=zh_CN&v_f=0&c=android&extparam=&page=1&client=inf&imsi=460011651619481&featurecode=10000085&wm=5311_4002&lfid=2302835261263846&luicode=10000198
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,en-US;q=0.8
X-Requested-With: com.sina.weibo


HTTP/1.1 200 OK
Date: Thu, 31 Mar 2016 02:01:08 GMT
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 620
ETag: W/"26c-2713abd4"
set-cookie: weibo_mobile_session3=s%3Ab4HiCbawv84jRsiw33O5f8MZzMj85AK1.wjSeMfrpur4UHtZJmEYRlZFKbJznUexncjtzhKFOOdY; Domain=www.mydomain.com; Path=/; HttpOnly
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive



------------------------------------------------------------------



GET http://www.mydomain.com/?ua=Meizu-m2+note__weibo__6.3.1__android__android5.1&from=1063195010&uid=1261004702&v_p=28&containerid=1068031s5261263846s2637057287&cip=110.96.226.166&logVersion=0&container_ext=&since_id=&lang=zh_CN&v_f=0&c=android&extparam=&page=1&client=inf&imsi=460011651619481&featurecode=10000085&wm=5311_4002&lfid=2302835261263846&luicode=10000198 HTTP/1.1
Host: www.mydomain.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Linux; Android 5.1; m2 note Build/LMY47D) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/40.0.2214.114 Mobile Safari/537.36 Weibo (Meizu-m2 note__weibo__6.3.1__android__android5.1)
Referer: http://www.mydomain.com/?ua=Meizu-m2+note__weibo__6.3.1__android__android5.1&from=1063195010&uid=1261004702&v_p=28&containerid=1068031s5261263846s2637057287&cip=110.96.226.166&logVersion=0&container_ext=&since_id=&lang=zh_CN&v_f=0&c=android&extparam=&page=1&client=inf&imsi=460011651619481&featurecode=10000085&wm=5311_4002&lfid=2302835261263846&luicode=10000198
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,en-US;q=0.8
Cookie: weibo_mobile_session3=s%3AmskPgARzIyDER5wE3yWrh6BPtDUNg9AQ.lZkVsKlCrlPLkbjC5ZkctiMc8cEp6Yg6x3FwEJ7joMM
X-Requested-With: com.sina.weibo


HTTP/1.1 302 Moved Temporarily
Date: Thu, 31 Mar 2016 02:01:08 GMT
X-Powered-By: Express
Location: /login?redirectUrl=%2F%3Fua%3DMeizu-m2%2Bnote__weibo__6.3.1__android__android5.1%26amp%3Bfrom%3D1063195010%26amp%3Buid%3D1261004702%26amp%3Bv_p%3D28%26amp%3Bcontainerid%3D1068031s5261263846s2637057287%26amp%3Bcip%3D110.96.226.166%26amp%3BlogVersion%3D0%26amp%3Bcontainer_ext%3D%26amp%3Bsince_id%3D%26amp%3Blang%3Dzh_CN%26amp%3Bv_f%3D0%26amp%3Bc%3Dandroid%26amp%3Bextparam%3D%26amp%3Bpage%3D1%26amp%3Bclient%3Dinf%26amp%3Bimsi%3D460011651619481%26amp%3Bfeaturecode%3D10000085%26amp%3Bwm%3D5311_4002%26amp%3Blfid%3D2302835261263846%26amp%3Bluicode%3D10000198
Vary: Accept
Content-Type: text/html; charset=UTF-8
Content-Length: 1168
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive



------------------------------------------------------------------

The first request already set weibo_mobile_session3=s%3Ab4HiCbawv84jRsiw33O5f8MZzMj85AK1.wjSeMfrpur4UHtZJmEYRlZFKbJznUexncjtzhKFOOdY, but on the next request the cookie in the headers is: weibo_mobile_session3=s%3AmskPgARzIyDER5wE3yWrh6BPtDUNg9AQ.lZkVsKlCrlPLkbjC5ZkctiMc8cEp6Yg6x3FwEJ7joMM


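Found the cause. It is the same old security issue: the first request was made inside an iframe, and on Android 5.0+ set-cookie has no effect inside an iframe. Break out of the iframe first, then write the cookie, and the problem is solved.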
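
Added example, not part of the original post: a small Node.js check that compares the Set-Cookie of a login response with the Cookie header of the follow-up request and flags whether the login request came from another site's document, as in the capture above. The header objects are constructed and shortened; `diagnose`, `isCrossSite` and the other function names are hypothetical, and the Origin/Host comparison is a heuristic, not proof of framing.

```javascript
// Constructed headers shaped like the capture above (cookie values shortened).
const loginExchange = {
  request: { Host: 'www.mydomain.com', Origin: 'http://apps.weibo.com' },
  response: {
    'set-cookie':
      'weibo_mobile_session3=s%3ANEW.sig; Domain=www.mydomain.com; Path=/; HttpOnly',
  },
};
const nextRequest = {
  Host: 'www.mydomain.com',
  Cookie: 'weibo_mobile_session3=s%3AOLD.sig',
};

// Split "name=value; Attr; Attr=val" into the cookie pair and its attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Turn a Cookie request header into a name -> value map.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Heuristic: an Origin whose host differs from Host means the request was
// started by a document on another site, e.g. a page framing ours.
function isCrossSite(request) {
  if (!request.Origin) return false;
  return new URL(request.Origin).host !== request.Host;
}

// Compare what the server set with what the client sent back.
function diagnose(exchange, followUp) {
  const set = parseSetCookie(exchange.response['set-cookie']);
  const sent = parseCookieHeader(followUp.Cookie).get(set.name);
  const stored = sent === set.value;
  const crossSite = isCrossSite(exchange.request);
  const verdict = stored ? 'cookie accepted'
    : crossSite ? 'cookie dropped in cross-site (framed) context'
    : 'cookie dropped for another reason';
  return { cookie: set.name, stored, crossSite, verdict };
}

console.log(diagnose(loginExchange, nextRequest));
```

Android's WebView disallows third-party cookies by default for apps targeting Lollipop or later, which matches this verdict. The page's fix of leaving the frame first makes the site first-party before the session cookie is written.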
