PHP session validation kept failing, and the unexpected culprit was ZoneAlarm

  Today I was debugging a PHP program that uses session-based login and found that logging in always failed. Debugging showed that the session was never registered, that is, the cookie was never created. I had rarely seen this before, since the PHP configuration was definitely fine. Stranger still, the problem appeared in IE and Firefox, while in the TT browser everything worked normally. It took half a day of fiddling to finally find the cause.

  Comparing the page source returned in TT with that returned in Firefox revealed a difference: in pages fetched with IE and Firefox, a line like the following was always inserted into the HTML head:

```html
<script src="http://127.0.0.1:1025/js.cgi?caw&r=27432"></script>
```

  At first I thought I had picked up a trojan, but a scan turned up nothing. So I fetched the code returned by http://127.0.0.1:1025/js.cgi?caw&r=27432 and found it to be JavaScript that blocks popups, cookie registration and the like, which suggested a firewall or similar tool was at work. Further analysis of the code turned up plenty of names prefixed with zl_. Ha, so ZoneAlarm was the one making trouble; culprit caught!

  Below is a sample of the code js.cgi returns; in fact the same code could be put to some useful purposes of its own :)

```javascript
var blockedReferrer = 'blockedReferrer';
// Keep a reference to the original document.write before anything replaces it
NS_ActualWrite = document.write;
// Popup Blocker
RanPostamble = 0;
NS_ActualOpen = window.open;
// Dummy window object handed back in place of a blocked popup
function NS_NullWindow() { this.window; }
// Dummy document whose open/write/close do nothing
function nullDoc() {
  this.open = NS_NullWindow;
  this.write = NS_NullWindow;
  this.close = NS_NullWindow;
}
// Replacement for window.open: only allow opening into the current window or _top,
// everything else gets a do-nothing window object
function NS_NewOpen(url, nam, atr) {
  if ((nam != '' && nam == window.name) || nam == '_top') {
    return (NS_ActualOpen(url, nam, atr));
  }
  obj = new NS_NullWindow();
  obj.focus = NS_NullWindow;
  obj.blur = NS_NullWindow;
  obj.opener = this.window;
  obj.document = new nullDoc();
  return (obj);
}
function NS_NullWindow2() { this.window; }
function NS_NewOpen2(url, nam, atr) {
  if ((nam != '' && nam == window.name) || nam == '_top') {
    return (NS_ActualOpen(url, nam, atr));
  }
  return (new NS_NullWindow2());
}
// Swap window.open out during the page's own onload/onunload handlers
function op_stop() { NS_ActualOpen2 = window.open; window.open = NS_NewOpen2; }
function op_start() { window.open = NS_ActualOpen2; }
function noopen_load() {
  op_stop(); if (zl_orig_onload) zl_orig_onload(); op_start();
}
function noopen_unload() { op_stop(); if (zl_orig_onunload) zl_orig_onunload(); op_start(); }
// Run once after the page has loaded: save the page's own handlers and restore window.open
function postamble() {
  if (!RanPostamble) {
    RanPostamble = 1;
    zl_orig_onload = window.onload;
    zl_orig_onunload = window.onunload;
    window.open = NS_ActualOpen;
  }
}
window.open = NS_NewOpen;
```
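As an added example, not code from the original post or from ZoneAlarm: a Node.js snippet that automates the two checks used above, scanning a page's HTML source for script tags served from a loopback address (the kind of line the proxy inserted), and testing whether a function such as window.open is still the browser's native one after a wrapper like NS_NewOpen has been installed. SAMPLE_HTML and the simulated window are constructed; only the js.cgi URL comes from the post.

```javascript
// Constructed sample of a page as fetched through the local proxy; the js.cgi URL
// is the one quoted in the post, the rest is made up for this example.
const SAMPLE_HTML = [
  '<html><head><title>login</title>',
  '<script src="http://127.0.0.1:1025/js.cgi?caw&r=27432"></script>',
  '<script src="/static/app.js"></script>',
  '</head><body></body></html>',
].join('\n');

// Return the src of every <script> tag whose host is a loopback address,
// i.e. a script that can only have been injected on the client machine itself.
function findLoopbackScripts(html, base) {
  const hits = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    let url;
    try {
      url = new URL(m[1], base || 'http://example.invalid/');
    } catch (e) {
      continue; // unparsable src attribute, ignore it
    }
    const host = url.hostname;
    if (host === 'localhost' || host === '[::1]' || /^127\./.test(host)) {
      hits.push(m[1]);
    }
  }
  return hits;
}

// True when fn is still a built-in implementation. A wrapper like NS_NewOpen is a
// plain JS function, so Function.prototype.toString no longer reports "[native code]".
function isNativeFunction(fn) {
  return typeof fn === 'function' &&
    /\[native code\]/.test(Function.prototype.toString.call(fn));
}

// Simulated window object: wrap open() the same way the injected script does and
// report whether the native check passes before and after the wrapping.
function simulateInjectedWrapper() {
  const win = { name: '', open: Math.max }; // Math.max stands in for native window.open
  const actualOpen = win.open;
  win.open = function (url, nam, atr) {
    if ((nam !== '' && nam === win.name) || nam === '_top') return actualOpen(url, nam, atr);
    return {}; // blocked popup gets a dummy object, as in NS_NewOpen
  };
  return { before: isNativeFunction(actualOpen), after: isNativeFunction(win.open) };
}
```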

  A visit to the official ZoneAlarm forum produced the following official reply:
This is the script that ZAP inserts into every page to allow your Privacy settings to function properly. It provides the means to control cookies, ads, and active script. To remove it, turn off all your Main Privacy blocking.
Bill
Atlanta, Georgia

  So I turned off the Cookie and Ad control options under "Privacy" in ZoneAlarm, and the problem was solved :)

Official forum thread: http://forum.zonelabs.org/zonelabs/board/message?board.id=security&message.id=14155
