So I have a test environment that I'm developing in and a production environment that I'll eventually deploy my code to. The code I have now works in my test environment but not in my production environment. So this seems to be an environment issue, but if it is, I don't know which setting to change.

Right now I'm trying to test a simple contact page that has a short form and a captcha image. The contact page sets a session variable containing the security_code shown in the captcha image, so that on the next page, called contactSanitize, I can read that variable from the session and verify that the user typed the correct code.

Again, this works fine in the test environment. In production, however, I can fill out the form and submit it, at which point the session data is lost and the contactSanitize page sends me back to the contact page because it can't see the code I typed.

I have no session_destroy calls anywhere in these pages, and I'm not accidentally setting the $_SESSION variable to an empty array or anything else (I've checked twice and three times - and it works in the test environment, so it can't be that).

Here are snippets from my logs - each line contains a timestamp and, where available, the session ID, apart from my comments. You can see that contactSanitize actually does have the same session ID; it's just that the session itself is empty for some reason.

Here is the contact.php page:

DEBUG  2013-04-04 18:23:07 (varsAndSecurityCheck.php:74) Page requires security, checking to see if authenticated user.
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:07 (varsAndSecurityCheck.php:82) authenticated = false
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (contact.php:130) just before security image
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (contact.php:134) invoking security image functions
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (CaptchaSecurityImages.php:42) code: hwjdtvw7
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (contact.php:137) after security image functions, SESSION: Array
(
    [security_code] => hwjdtvw7
)
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (contact.php:152) Just after security image

I now submit the form and go to contactSanitize.php to validate the user input:

DEBUG  2013-04-04 18:23:24 (varsAndSecurityCheck.php:74) Page requires security, checking to see if authenticated user.
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:24 (varsAndSecurityCheck.php:82) authenticated = false
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:26 (contactSanitize.php:8) SESSION: Array
(
)

As you can see above, the session is empty, so the validation fails:

DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:26 (contactSanitize.php:26) No security code and not authenticated, sending to contact page.
DEBUG  2013-04-04 18:23:26 (varsAndSecurityCheck.php:74) Page requires security, checking to see if authenticated user.
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:26 (varsAndSecurityCheck.php:82) authenticated = false

I'm sent back to the contact.php page, where a new security code is generated:

DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (contact.php:130) just before security image
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (contact.php:134) invoking security image functions
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (CaptchaSecurityImages.php:42) code: xb66q6jy
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (contact.php:137) after security image functions, SESSION: Array
(
    [security_code] => xb66q6jy
)
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (contact.php:152) Just after security image

EDIT

I added some extra logging to show that the session_start call happens at the beginning of both pages. The following lines now appear at the beginning of both the contact and contactSanitize pages:

DEBUG  2013-04-04 19:26:15 (varsAndSecurityCheck.php:74) Page requires security, checking to see if authenticated user.
DEBUG  2013-04-04 19:26:15 (varsAndSecurityCheck.php:78) page is secure, starting session now.

Here is a small snippet from the varsAndSecurityCheck.php page to show where the "starting session" log line comes from:

$log->debug("page is secure, starting session now.");
session_start();

Here is the relevant part of my code from contact.php:

<?php
    ...
    //session is started by this first include when secure connection is verified
    include_once "../includes/varsAndSecurityCheck.php";
    //this just connects to my database, no session manipulation here
    include_once "../includes/dbConnect.php";
    //this includes some functions for generating a captcha image
    include_once "../captcha/CaptchaSecurityImages.php";

    //this is just including some basic styling and navigation  
    include '../includes/header.php';
?>
...
    <form method="post" action="contactSanitize.php">
    ...
            $log->debug("just before security image");
        ?>
            <div class="centerText">
                <?php
                    $log->debug("invoking security image functions");
                    $_SESSION['security_code'] = generateCode(8);
                    $log->debug("after security image functions, SESSION: ".print_r($_SESSION,true));
                ?>  
                <?=captchaSecurityImages($_SESSION['security_code'],320,70)?>

            </div>
            ...
            <div class="centerText">
                <input id="security_code" name="security_code" type="text" maxlength="8" />
                <br><br>
                <input type="submit" name="submit" value="Send Message" class='generalFormButton' />
            </div>
        <?
            $log->debug("Just after security image");
        }

        ?>

Here is the first part of my contactSanitize page, where you can see it fails on the first condition:

<?php

//this starts the session when secure connection is made
include_once "../includes/varsAndSecurityCheck.php";
//This connects to database, no session manipulation here
include_once "../includes/dbConnect.php";
//This includes some e-mail functions, no session manipulation
include_once '../includes/mail.php';

$log->debug("SESSION: ".print_r($_SESSION,true));


$_SESSION['formData'] = array('visitor_name' => $_POST['visitor_name'],
                'visitor_email' => $_POST['visitor_email'],
                'ReasonForContacting' => $_POST['ReasonForContacting'],
                'message_body' => $_POST['message_body']
            );

if(!isset($_SESSION['security_code']) && !$authenticated)
{
    $log->debug("No security code and not authenticated, sending to contact page.");
    $_SESSION['contactError'] = "You must type the security code before sending a message.";
    header("Location: contact.php");
    exit();
}
...

1 Answer


As per my last comment, the "session save path" was set incorrectly and has now been corrected by my hosting provider.

Answered 2013-06-02T01:52:10.957
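The symptom in the question (same session ID on both requests, but an empty $_SESSION) and the cause in the answer (a bad session.save_path) can be checked directly on each environment. The script below is an added example, not code from the question or answer; it assumes the default "files" session handler and constructs its own test marker.

```php
<?php
declare(strict_types=1);

// Reports where PHP will store session files and whether it can actually write there.
// With an unwritable save_path the session cookie still round-trips (same ID in the
// logs) while the data is dropped, which is exactly the pattern in the question.
function checkSavePath(): array
{
    $path = ini_get('session.save_path');
    // An empty save_path means PHP falls back to the system temp directory.
    $effective = ($path === '' || $path === false) ? sys_get_temp_dir() : $path;
    // save_path may be "N;/dir" or "N;mode;/dir"; keep only the directory part.
    if (strpos($effective, ';') !== false) {
        $effective = substr($effective, strrpos($effective, ';') + 1);
    }
    return [
        'handler'   => ini_get('session.save_handler'),
        'save_path' => $effective,
        'exists'    => is_dir($effective),
        'writable'  => is_writable($effective),
    ];
}

// Mirrors the contact -> contactSanitize hop inside one request: write a marker under
// the current session ID, close the session, reopen the same ID, and check it survived.
function sessionRoundTrips(): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $id = session_id();
    $marker = bin2hex(random_bytes(8)); // constructed test value
    $_SESSION['__roundtrip'] = $marker;
    session_write_close();              // forces the save handler to persist the data

    session_id($id);                    // reopen exactly the ID the browser would send back
    session_start();
    $ok = isset($_SESSION['__roundtrip']) && hash_equals($marker, $_SESSION['__roundtrip']);
    unset($_SESSION['__roundtrip']);
    return $ok;
}

$report = checkSavePath();
$report['round_trip'] = sessionRoundTrips();
header('Content-Type: text/plain');
print_r($report);
```

If 'writable' is false or 'round_trip' is false on production but true on the test box, the difference is the session store configuration rather than the page code, which is what the accepted answer found.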