Magento2框架,使用了https加密访问,在nginx配置了强制http跳转到https
正常情况下,使用http://www.yroot.win访问的时候是正常的,能跳转到https://www.yroot.win里面来,但用http://yroot.win的话,虽然也能跳转到https://www.yroot.win里面,但域名后面总会带上一个SID,如:https://www.yroot.com/?SID=jak6jvh7ko34lgq3i5i7fbbnf8,
这情况还是比较特殊,并不太好复现,客户是能每次都重现,而我本机是只能在清浏览器缓存之后才会复现,而后面就算清了缓存也没办法重现了,只能用curl请求才能看到,如下:
sna@test-dev ~> curl -I yroot.win
HTTP/1.1 302 Found
Date: Tue, 31 Aug 2021 03:22:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
set-cookie: PHPSESSID=dj18hcbcv82ae3qsla0d5muhlt; expires=Tue, 31-Aug-2021 04:22:07 GMT; Max-Age=3600; path=/; domain=yroot.win; HttpOnly
location: https://www.yroot.win/?SID=dj18hcbcv82ae3qsla0d5muhlt
pragma: no-cache
cache-control: max-age=0, must-revalidate, no-cache, no-store
expires: Mon, 31 Aug 2020 03:22:07 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
set-cookie: X-Magento-Vary=bc19c7bc0c4d96de9d50e46ae697f4b28d79ca04; expires=Tue, 31-Aug-2021 04:22:07 GMT; Max-Age=3600; path=/; HttpOnly
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yeQJYU8tsPVhLAlLKh4fwVdfQEGgvXBvgkljl31u4xAIQo7ndHxGhRKnjmzZ4bE%2BlNw3o%2FBRlEigwQ7q6f%2BLEBrOeMBiYMLHa32XbeyuMFTzs324lFjm5vwkG8v"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 687321f16ab84918-SIN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
nginx的配置里面不管是用return 301强制跳转还是正常的域名ssl配置都没办法解决。而最后发现竟然是magento系统的坑,需要将STORES > Configuration > GENNEAL > Web > Session Validation Settings > Use SID on Storefront 配置项改为NO。
