0

问题已解决- 请参阅:https ://stackoverflow.com/a/14719452/1174295

--

我在(至少)Google Chrome 和 Safari 中遇到了问题。

首次尝试登录时,不会重定向用户。会话已创建,但几乎就像未检测到一样,并将用户带回索引页面。在第二次尝试时,会发出正确的重定向并将用户带到正确的页面。

该脚本在 Firefox 中运行良好,我已经广泛检查以查看是否返回了正确的数据,确实如此。我已经搜索了,我已经搜索了,我已经搜索了,但不幸的是没有发现任何有用的东西。

Access.php - 用户登录

<?php
session_start();
ob_start();


include_once('db.class.php');
include_once('register.class.php');
include_once('login.class.php');


$db = null;
$reg = null;
$log = null;


$db = new Database();
$log = new Login($db, null, null, null, null, null, null);


if (isset($_SESSION['login'])) {    
    $log->redirectUser($_SESSION['login']);
}


include_once('includes/header.html');

?>

Some HTML...

<?php
    if (isset($_POST['logsub'])) {
        $db = new Database();
        $log = new Login($db, $_POST['email'], $_POST['pass']);

        $validation = &$log->validate();

        if(empty($validation)) {
            $log->redirectUser($_SESSION['login']);
        } else {
            echo "<div id='error'><div class='box-error'><p style='font-weight: bold'>The following errors occured...</p><ul>";

                for ($i = 0; $i < count($validation); $i++) {
                    echo "<li>" . $log->getErrorMessage($validation[$i]) . "</li>";
                }
            echo "</ul></div></div>";
        }
    }
?>

Login.class.php - 登录类

// Validate the credentials given
public function validateLogin() {
    // Hash the plain text password
    $this->hashedPass = $this->hashPassword();

    try {
        $query = $this->dbcon->prepare("SELECT Login_ID, Login_Email, Login_Password FROM Login WHERE Login_Email = :email AND Login_Password = :pass");
        $query->bindParam(':email', $this->email, PDO::PARAM_STR);
        $query->bindParam(':pass', $this->hashedPass, PDO::PARAM_STR);
        $query->execute();

        $fetch = $query->fetch(PDO::FETCH_NUM);
        $this->loginid = $fetch[0];

        // If a match is found, create a session storing the login_id for the user
        if ($query->rowCount() == 1) {
            $_SESSION['login'] = $this->loginid;    
            session_write_close();
        } else {
            return LOG_ERR_NO_MATCH;
        }
    } catch (PDOException $e) {
        $this->dbcon->rollback();
        echo "Error: " . $e->getMessage();
    }
}

// Fetch the customer ID
private function getCustId() {
    try {
        $query = $this->dbcon->prepare("SELECT Customer.Cust_ID FROM Customer JOIN Login ON Customer.Login_ID = Login.Login_ID WHERE Customer.Login_ID = :loginid");
        $query->bindParam(':loginid', $this->loginid, PDO::PARAM_INT);
        $query->execute();

        $fetch = $query->fetch(PDO::FETCH_NUM);     
        return $fetch[0];
    } catch (PDOException $e) {
        $this->dbcon->rollback();
        echo "Error: " . $e->getMessage();
    }
}

// Check the registration progress - are they verified? paid?
// This function is used elsewhere hence the $sessionid argument
public function checkRegistration($sessionid) { 
    $this->loginid = $sessionid;
    $this->custid = $this->getCustId();

    try {
        $queryVer = $this->dbcon->prepare("SELECT Cust_ID FROM Customer_Verify_Email WHERE Cust_ID = :custid");
        $queryVer->bindParam(":custid", $this->custid, PDO::PARAM_INT);
        $queryVer->execute();

        $queryFee = $this->dbcon->prepare("SELECT Cust_ID FROM Initial_Fee_Payment WHERE Cust_ID = :custid");
        $queryFee->bindParam(":custid", $this->custid, PDO::PARAM_INT);
        $queryFee->execute();

        // If a record exists in the verify table, return the value 1. This means the user has not yet verified their email.
        if ($queryVer->rowCount() == 1) {
            return 1;
        } else {
            // If a record does not exist in the payment table, no payment has been made. Return 2.
            if ($queryFee->rowCount() == 0) {
                return 2;
            // Otherwise, email is verified and the payment has been made.
            } else {
                return 0;
            }
        }

    } catch (PDOException $e) {
        $this->dbcon->rollback();
        echo "Error: " . $e->getMessage();
    }
}

// Redirect the user accordingly
public function redirectUser($sessionid) {
    $this->loginid = $sessionid;    
    $logNum = $this->checkRegistration($this->loginid);

    if ($logNum == 0) {
        header("Location: fbedder/details.php", true, 200);
        exit();
    } else if ($logNum == 1) {
        header("Location: fbedder/verification.php", true, 200);
        exit();
    } else if ($logNum == 2) {
        header("Location: fbedder/payment.php", true, 200);
        exit();
    }
}

这是该站点的链接:fbedder/ -> 我已经使用凭据设置了一个测试帐户 -> 电子邮件:test@ / 密码:test123321

重申一下,问题仅存在于 Google Chrome 和 Safari(我的 iPhone 上的 Safari)中,并且纯粹存在于登录方面。在第一次尝试时,会话将被忽略(它被创建),而在第二次尝试时,用户将被重定向。

有任何想法吗?我尝试了多种可能...

--编辑--

我现在知道问题出在哪里了。

当调用重定向时,它会将用户发送到 details.php 页面。但是,此页面包含以下代码片段:

if (!isset($_SESSION['login'])) {
    header("Location: fbedder/index.php");
}

显然,正在发生的事情是会话没有被检测/保存/“随便”,因此将用户发送回索引页面。有没有办法确保 $_SESSION 不会有效丢失。我在这里发帖之前已经阅读过这个,这就是我插入的原因session_write_close(),但这似乎并没有达到预期的效果。

4

1 回答 1

0

在诊断出问题在于 $_SESSION 变量实际上已丢失的事实之后,我阅读了有关该session_write_close()函数的信息并遇到了以下评论:

我的会话搞砸了,因为我同时有 2 个不同的会话 ID:

  • 1 个用于 domain.com 的 PHPSESSID cookie
  • 1 个用于 www.domain.com 的 PHPSESSID cookie

这修复了它:

//在每一页的开头...

session_set_cookie_params (1800,"/","domain.com"); session_start();

来源: http: //pt2.php.net/manual/en/function.session-write-close.php#84925

设置参数解决了这个问题。

于 2013-02-06T00:20:28.900 回答