0

为什么我的会话变量不能跨站点工作?

我显然是在我的代码中设置它们,否则以管理员身份登录不会重定向到管理页面。

如果有人对问题是什么有建议,为什么 $_SESSION 变量没有保存等,我将不胜感激。

使用 IIS 7 和 FastCGI,php.ini 是默认值。

代码示例:

<?php session_start();
/* Include database config file. */
include("db_config.php");
/* If POST request do code. */
if ($_SERVER['REQUEST_METHOD']=='POST') 
{
/* Set variables for form fields. */
$username=$_POST["username"];
$password=$_POST["password"];
/* Queries on login. */
$query_params=array($username,$password);
$query="SELECT * FROM users WHERE username=? AND password=?";
$qresults=sqlsrv_query($dbconnect,$query,$query_params);
$permission_q="SELECT permission FROM users WHERE username=? AND password=?";
$permission_qr=sqlsrv_query($dbconnect,$permission_q,$query_params);
$firstname_q="SELECT firstname FROM users WHERE username=? AND password=?";
$firstname_qr=sqlsrv_query($dbconnect,$firstname_q,$query_params);
$lastname_q="SELECT lastname FROM users WHERE username=? AND password=?";
$lastname_qr=sqlsrv_query($dbconnect,$lastname_q,$query_params);
/* If any queries fail then kill script. */
if(sqlsrv_fetch($firstname_qr)===false)
{
die("Firstname couldn't be verified, terminated connection.");
}
$firstname=sqlsrv_get_field($firstname_qr,0);
if(sqlsrv_fetch($lastname_qr)===false)
{
die("Lastname couldn't be verified, terminated connection.");
}
$lastname=sqlsrv_get_field($lastname_qr,0);
if(sqlsrv_fetch($permission_qr)===false)
{
die("Permissions could not be verified, terminating connection.");
}
$permissions=sqlsrv_get_field($permission_qr,0);
/* If the username and password query results exist then do code. */
if(isset($qresults))
{
/* Number of rows is fetch array of username and pass results. */
$num_rows=sqlsrv_fetch_array($qresults,SQLSRV_FETCH_NUMERIC);
/* If rows is not null or is set then do code. */
if($num_rows!=null)
{
$_SESSION['username']=$username;
$_SESSION['firstname']=$firstname;
$_SESSION['lastname']=$lastname;
$_SESSION['permissions']=$permissions;
/* If permissions is equivelant to admin send to admin page. */
if($_SESSION['permissions']==="admin")
{

session_write_close();
echo '<meta http-equiv="refresh" content="0; url=./content/admin_dash.php">';
die();
//endif
}
else
{

session_write_close();
echo '<meta http-equiv="refresh" content="0; url=./content/user_dash.php">';
die();
//endelse
}
//endif
}
else
{
//elseif num_rows not true
echo "Invalid Login.<br/>Your credentials did not match or there was an error.<br/>";
$_SESSION['username'] = '';
if(sqlsrv_errors(SQLSRV_ERR_ALL)==null)
{
echo "No errors detected.";
//endif
}
else
{
echo "Errors detected:<br/>";
print_r( sqlsrv_errors(SQLSRV_ERR_ALL));
//endelse
}
//endelse
}
//endif
}
else
{
die("Error with query. Contact your system admin.");
//endelse
}
//endif
}
else
{
die("Request was not POST. Please use login page.");
//endelse
}
?>
4

4 回答 4

3

因为这不是会话(通常)的工作方式。会话 cookie 只存储一个会话 ID。会话中的实际信息仅存储在服务器上。

于 2012-05-03T17:09:06.047 回答
0

cookie 只是使 PHP 能够查找存储在您的 Web 服务器上的会话变量(作为文件或在数据库中)。它增加了额外的安全性,因为人们无法嗅探数据值,也不需要 cookie 变得很长。

于 2012-05-03T17:10:01.037 回答
0

如前所述,会话 cookie 仅存储会话 ID。

如果您想保存到具有自定义内容的 cookie,请参阅这篇文章。http://davidwalsh.name/php-cookies

于 2012-05-03T17:10:53.900 回答
0

我发现了这个问题,C:\Windows\Temp 文件夹权限没有设置为接受 IIS_IUSRS 用户,因此阻止 IIS 在 Temp 文件夹中保存任何内容,包括会话。

于 2012-06-05T17:58:24.420 回答