我刚刚开始使用会话并且有些头疼,我昨晚有这个工作,现在今天打开它......不再工作了。
如果一切正常,在我的登录处理器中我有以下内容。该脚本工作正常,我已经回显了会话变量以确保数组正常工作,并且确实如此。
$username - > post from login script
$encrypt_password -> created from password check further up the script
{
$session_name = 'LOGIN'; // Set a custom session name
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
$cookie_lifetime = '3600';
$cookie_path = '/';
$cookie_domain = '127.0.0.1';
session_set_cookie_params($cookie_lifetime, $cookie_path, $cookie_domain, $secure, $httponly);
session_name($session_name); // Sets the session name to the one set above.
$group = $row['group_type'];
$user_browser = $_SERVER['HTTP_USER_AGENT']; /*grabs browser info*/
$user_id = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); /*XSS Protection*/
$group_id = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $group); /*XSS Protection*/
session_start();
$_SESSION['user']=$user_id;
$_SESSION['group_name']=$group_id;
$_SESSION['login_string'] = hash('sha512', $user_browser.$encrypt_password);
session_write_close();
header("location:".$group_id."_index.php");
}
我创建了一个包含文件,它从会话中收集信息,包含在每个受保护的页面上,这就是它崩溃的地方。我为每个 if 语句创建了自定义错误代码,并发现这里的 if 语句失败。回显会话变量或晚上打印会话数组不会返回任何内容。
$session_name = 'LOGIN'; // Set a custom session name
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
$cookie_lifetime = '3600';
$cookie_path = '/';
$cookie_domain = '127.0.0.1';
session_set_cookie_params($cookie_lifetime, $cookie_path, $cookie_domain, $secure, $httponly);
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the php session
session_regenerate_id(false); // regenerated the session, delete the old one.
if(isset($_SESSION['user'],$_SESSION['group_name'], $_SESSION['login_string']))
在此之前,我正在改变用户组的工作方式,但是没有一个变量能够通过。顺便学习一下他的教程:create a secure login script in php and mysql
每次用户访问受保护的页面时,我还需要调用会话参数吗?
在此先感谢您的任何指点。