0

我正在制作一个允许用户更改密码的页面。但密码是我会话的一部分。

这是我的会议:

$_SESSION['myid'] = $myid;
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;

我将用户名、密码和用户 ID 保存到我的会话中。我检查了每个页面,检查会话是否为真:

require ('../handlers/loginhandler.php');

session_start();

    if (!isset($_SESSION['myid'])){  //in this part I skipped the username and password

    header("a page");

    }

    else {

    my page 

    }

现在,当我想更改密码时,我的登录处理程序似乎不正确。所以我需要重新启动会话并将新密码值放入会话中。但我似乎无法让它工作。

我是否可以仅将 user_id 放入会话中,以便无论我更改什么值,我的日志处理程序都将保持不变?因为现在我首先必须注销并再次登录才能获得正确的值。还是有重启码?

4

1 回答 1

0

Just updating the session with a new value for $_SESSION['password'] should work (assuming you have session_start()'ed the session before you attempt to make a change.

Having said that, it's generally a bad idea to store the user's password in the session anyway, so this is a good opportunity to remove it. On the other hand, storing the user name is fine and could possibly prevent an unnecessary database lookup.

于 2013-01-23T15:30:06.190 回答