-1

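I have a session, and I am using the database for the session. I use userdata in the session to store the user's name and a "logged in" flag. I am autoloading the session library, so I don't have to load it explicitly.

I was using it in the controller to check "logged in" and in the view to display the user's name. This caused CI_Session to be loaded twice and the session to be destroyed. Both times CI_Session loads, it tries to update the session and the database; the first time it succeeds, the second time it fails and destroys the session.

I believe I was violating the separation between controller and view, and I fixed this by using the session library only in the controller and passing a variable with the user's name to the view.

But my question is: is my analysis correct? Was I violating the separation between controller and view, and as long as I no longer do that I should be fine, or could this happen again in other situations?

Note: I tried to ask this carefully. I am looking for a technical answer rather than opinions, and I don't want this to become a discussion of this versus that, etc.

Code added as requested:

Snippet from the controller Admin.php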

class Admin extends CI_Controller {
  function __construct() {
    parent::__construct();
    $this->load->model('users');
    $this->id = $this->session->userdata('id');
    $this->authorized = array('waccess' => $this->users->authorizedUser($this->id, 'waccess'),
                              'ceditor' => $this->users->authorizedUser($this->id, 'ceditor'),
                              'uadmin' => $this->users->authorizedUser($this->id, 'uadmin'),
                              'forms' => $this->users->authorizedUser($this->id, 'forms'));

  }
  public function index() {
    log_message('debug', 'Admin->index');
    $this->load->view('framework', array(
      'head' => $this->load->view('head', array('title' => 'Administrator', 'stylesheet' => 'admin.css', 'javascript' => 'jquery-ui-1.8.16.custom.min.js'), true),
      'header' => $this->load->view('headerAdmin', array('active' => 'Home', 'authorized' => $this->authorized), true),
      'body' => $this->load->view('adminHome', '', true),
      'midBody' => $this->load->view('blankMid', '', true),
      'footer' => $this->load->view('footer', '', true)
    ));
  }
}

Snippet from the view adminHome.php

<div id="main">
  <div class="content">
    <h1>Employee Interface</h1>
<? if(!$this->session->userdata('loggedin')): ?>
....
<? else: ?>
    <p>Welcome <?=$this->session->userdata('fname')?> <?=$this->session->userdata('lname')?></p>
<? endif; ?>
    <p>Use the menu above to select the various employee and administrative options available to you</p>
  </div>
</div>

I added a lot of debugging code, but made no other changes to the CodeIgniter code, to see what was happening. Here are the resulting log entries:

DEBUG - 2013-03-04 19:54:31 --> Config Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Hooks Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Utf8 Class Initialized
DEBUG - 2013-03-04 19:54:31 --> UTF-8 Support Enabled
DEBUG - 2013-03-04 19:54:31 --> URI Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Router Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Output Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Security Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Input Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Global POST and COOKIE data sanitized
DEBUG - 2013-03-04 19:54:31 --> Language Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Loader Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Helper loaded: url_helper
DEBUG - 2013-03-04 19:54:31 --> loading: session
DEBUG - 2013-03-04 19:54:31 --> Session Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Helper loaded: string_helper
DEBUG - 2013-03-04 19:54:31 --> Database Driver Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Session using database
DEBUG - 2013-03-04 19:54:31 --> Session matching on [session_id]: b791b771c776ca4166a73424315d1110
DEBUG - 2013-03-04 19:54:31 --> Session matching on [user_agent]: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22
DEBUG - 2013-03-04 19:54:31 --> Session Updating
DEBUG - 2013-03-04 19:54:31 --> Session Data: [session_id] => b791b771c776ca4166a73424315d1110
DEBUG - 2013-03-04 19:54:31 --> Session Data: [ip_address] => 184.4.66.94
DEBUG - 2013-03-04 19:54:31 --> Session Data: [user_agent] => Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22
DEBUG - 2013-03-04 19:54:31 --> Session Data: [last_activity] => 1362444838
DEBUG - 2013-03-04 19:54:31 --> Session Data: [user_data] => 
DEBUG - 2013-03-04 19:54:31 --> Session Data: [id] => 15
DEBUG - 2013-03-04 19:54:31 --> Session Data: [fname] => Test
DEBUG - 2013-03-04 19:54:31 --> Session Data: [lname] => Test
DEBUG - 2013-03-04 19:54:31 --> Session Data: [email] => t
DEBUG - 2013-03-04 19:54:31 --> Session Data: [loggedin] => 1
DEBUG - 2013-03-04 19:54:31 --> Session Update Completed
DEBUG - 2013-03-04 19:54:31 --> Session Data: [session_id] => 7875df72dc94ca7bd149debe69865a2e
DEBUG - 2013-03-04 19:54:31 --> Session Data: [ip_address] => 184.4.66.94
DEBUG - 2013-03-04 19:54:31 --> Session Data: [user_agent] => Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22
DEBUG - 2013-03-04 19:54:31 --> Session Data: [last_activity] => 1362444871
DEBUG - 2013-03-04 19:54:31 --> Session Data: [user_data] => 
DEBUG - 2013-03-04 19:54:31 --> Session Data: [id] => 15
DEBUG - 2013-03-04 19:54:31 --> Session Data: [fname] => Test
DEBUG - 2013-03-04 19:54:31 --> Session Data: [lname] => Test
DEBUG - 2013-03-04 19:54:31 --> Session Data: [email] => t
DEBUG - 2013-03-04 19:54:31 --> Session Data: [loggedin] => 1
DEBUG - 2013-03-04 19:54:31 --> Session routines successfully run
DEBUG - 2013-03-04 19:54:31 --> Controller Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Model Class Initialized
DEBUG - 2013-03-04 19:54:31 --> loading: session
DEBUG - 2013-03-04 19:54:31 --> Session Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Database Driver Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Session using database
DEBUG - 2013-03-04 19:54:31 --> Session matching on [session_id]: b791b771c776ca4166a73424315d1110
DEBUG - 2013-03-04 19:54:31 --> Session matching on [user_agent]: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22
DEBUG - 2013-03-04 19:54:31 --> Session not found, destroying instance
DEBUG - 2013-03-04 19:54:31 --> Session routines successfully run
DEBUG - 2013-03-04 19:54:31 --> Controller Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Admin->index
DEBUG - 2013-03-04 19:54:31 --> File loaded: application/views/head.php
DEBUG - 2013-03-04 19:54:31 --> File loaded: application/views/headerAdmin.php
DEBUG - 2013-03-04 19:54:31 --> File loaded: application/views/adminHome.php
DEBUG - 2013-03-04 19:54:31 --> File loaded: application/views/blankMid.php
DEBUG - 2013-03-04 19:54:31 --> File loaded: application/views/footer.php
DEBUG - 2013-03-04 19:54:31 --> File loaded: application/views/framework.php
DEBUG - 2013-03-04 19:54:31 --> Final output sent to browser
DEBUG - 2013-03-04 19:54:31 --> Total execution time: 0.0793

1 Answer

0

Try changing the config setting:

$config['sess_match_useragent'] = FALSE;

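My guess is that you have some kind of code in your view, or another script or browser plugin, that messes up the user agent check. This causes the session match to fail, producing the result "Session not found, destroying instance" as you can see, which leads to your error.

Of course, the result of this change is reduced session security, so if security is a big concern you can of course look further into what is causing the problem.

You can find information in other posts...

Google Chrome Frame is the cause (it is part of the Bootstrap template by default): Codeigniter session destroyed in IE 10 when changing pages

The FirePHP extension is the cause: http://blog.tiger-workshop.com/firephp-firefox-extension-causing-codeigniter-session-lost/

Answered 2013-03-05T01:34:05.523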
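
The sequence in the question's debug log can be checked mechanically: within one request, a second "Session Class Initialized" matches on a session_id that the first load had already replaced, and "Session not found, destroying instance" follows. The parser below is an added example, not code from the original post or from CodeIgniter; it assumes the message texts shown in the question's log (several of which come from the asker's own debug statements), and its sample is a trimmed excerpt of those lines.

```python
import re

LINE = re.compile(r"^\w+ - (?P<ts>[\d-]+ [\d:]+) --> (?P<msg>.*)$")
MATCH_ID = re.compile(r"^Session matching on \[session_id\]: (\w+)$")
DATA_ID = re.compile(r"^Session Data: \[session_id\] => (\w+)$")

# Trimmed excerpt of the question's log (same messages, same order).
SAMPLE_LOG = """\
DEBUG - 2013-03-04 19:54:31 --> Config Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Session Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Session matching on [session_id]: b791b771c776ca4166a73424315d1110
DEBUG - 2013-03-04 19:54:31 --> Session Update Completed
DEBUG - 2013-03-04 19:54:31 --> Session Data: [session_id] => 7875df72dc94ca7bd149debe69865a2e
DEBUG - 2013-03-04 19:54:31 --> Session Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Session matching on [session_id]: b791b771c776ca4166a73424315d1110
DEBUG - 2013-03-04 19:54:31 --> Session not found, destroying instance
DEBUG - 2013-03-04 19:54:31 --> Final output sent to browser
"""

def find_destroyed_sessions(log_text):
    """Return one finding per 'Session not found' event, with request context."""
    findings, req = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = m["ts"], m["msg"]
        # "Config Class Initialized" is the first entry of each request in this log.
        if req is None or msg == "Config Class Initialized":
            req = {"loads": 0, "live": None, "retired": set(), "matched": None}
        if msg == "Session Class Initialized":
            req["loads"] += 1
        elif hit := MATCH_ID.match(msg):
            req["matched"] = hit[1]
            req["live"] = req["live"] or hit[1]
        elif hit := DATA_ID.match(msg):
            if req["live"] and hit[1] != req["live"]:
                req["retired"].add(req["live"])  # ID replaced within this request
            req["live"] = hit[1]
        elif msg.startswith("Session not found"):
            findings.append({
                "time": ts,
                "session_loads": req["loads"],       # >1 means a repeated load
                "matched_id": req["matched"],
                "stale_id": req["matched"] in req["retired"],
                "rotated_to": req["live"],
            })
    return findings
```

A finding with `session_loads` above 1 and `stale_id` set to true means the session was destroyed by a repeated load that looked up an ID already replaced earlier in the same request.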