LightOpenID只使用返回的第一个AuthURL，尽管个别PHP会话正在启动

下面是我的登录代码，它非常标准。为什么一个用户会按登录蒸汽社区。下面的代码是我拼凑的一个快速调试输出，它表明尽管正在发送2个AuthURL，但由于某种原因，LightOpenID正在将第一个返回的结果应用于每个试图在类似时间通过steam进行身份验证的用户。即进入蒸汽社区并登录。

 <?
 ob_start();
 session_start();
if(isset($_GET['logout']))
{
    if(isset($_COOKIE[session_name()])):
        setcookie(session_name(), '', time()-7000000, '/');
    endif;
    if(isset($_COOKIE['login_user'])):
        setcookie('login_user', '', time()-7000000, '/');
    endif;
    session_unset();
    session_destroy();
    header("Location: index.php");
}
include "kern/apikey.php";
include "kern/openid.php";
$OpenID = new LightOpenID("xxxxxx.com");
if(!$OpenID->mode)
{
    if(isset($_GET['login']))
    {
        $OpenID->identity = "http://steamcommunity.com/openid";
        header("Location: " . $OpenID->authUrl());
    }
    if(!isset($_SESSION['SteamAuth']))
    {
        $login = "<div id='"login'">In order to access the panel, you must <br /><br /> <a href='"?login'"><img src='"http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_large_noborder.png'"/></a></div>";
    }
} else if ($OpenID->mode == "cancel")
{
    echo "Authentication Cancelled...";
} else {
    if($OpenID->validate())
    {

        $id = $OpenID->identity;
        $_SESSION['SteamID64'] = str_replace("http://steamcommunity.com/openid/id/", "", $id);
        $_SESSION['SteamAuth'] = true;
        $Steam64 = str_replace("http://steamcommunity.com/openid/id/", "", $id);
        $profile = file_get_contents("http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key={$api}&steamids={$Steam64}");
        $steam = json_decode($profile, true);
        $communityid = $steam['response']['players'][0]['steamid'];
        $authserver = bcsub($communityid, '76561197960265728') & 1;
        $authid = (bcsub($communityid, '76561197960265728')-$authserver)/2;
        $_SESSION['SteamID'] = "STEAM_0:" . $authserver . ":" . $authid;
        $_SESSION['SteamName'] = $steam['response']['players'][0]['personaname'];
        header("Location: index.php");
    } else {
        echo "User is not logged in";
    }
}
?>
<html>
<body>
<div id="title">Login</div>
<div id="content">
<?
    echo $login;
?>
</div>
</body>
</html>

请参阅下面的日志文件，该文件指示AuthURL被发送了两次，但实际上只使用了一个响应：

[09-Nov-2014 14:09:52 America/Chicago] Begin login!
[09-Nov-2014 14:09:52 America/Chicago] Sent authurl!xxxxx
[09-Nov-2014 14:10:03 America/Chicago] Begin login!
[09-Nov-2014 14:10:03 America/Chicago] Sent authurl!xxxxx
[09-Nov-2014 14:10:10 America/Chicago] Begin login!
[09-Nov-2014 14:10:11 America/Chicago] Got identity!http://steamcommunity.com/openid/id/xxxx
[09-Nov-2014 14:10:11 America/Chicago] Using Steam64!xxxx
[09-Nov-2014 14:10:11 America/Chicago] Using string steam64!xxxx

正如你所看到的，尽管两个AuthURL在类似的时间发送，但一旦返回一个身份，它就会将其应用于两个用户，这意味着人们会登录到不正确的帐户。

使用https://github.com/SmItH197/SteamAuthenticationPHP示例。

复制步骤：1.第一个用户点击"通过steam登录"，挂在steamcommunity.com OpenID登录。2.第二个用户点击"登录steam"，登陆steamcommunity.com。3.然后两个用户都点击通过，其中一个将作为另一个登录。