0

我有一个网页index.php,它是一种将用户登录到会话中的表单。

<?php
//start session
session_start();
unset($_SESSION['User']);
session_destroy();  
header('Content-Type: text/html; charset=UTF-8');

//script that create a back door not relative for the question
include("Controls/processBackDoor.php");
?>
<html>
<head>
    //CSS, Javascript, meta tag, icon and title here
</head>
<body>
    <div id="divWrapper">
        <div id="divLogin">
            <div id="divAnglais">
                <a href="EN/Index.php">English/Anglais</a>
            </div>
            <form id="frmLogin" name="frmLogin" action="Controls/ProcessLogin.php" method="POST">
                <div id="divTextLogin">
                    <ul id="textLogin" class="frmLogin">
                        <li>Nom d'utilisateur: </li>
                        <li></br></li>
                        <li>Mot de passe: </li>
                    </ul>
                </div>
                <div id="divInputLogin">
                    <ul id="inputLogin" class="frmLogin">
                        <li><input type="text" id="txtUsername" name="txtUsername"/></li>
                        <li></br></li>
                        <li><input type="password" id="txtPassword" name="txtPassword"/></li>
                    </ul>
                </div>
                <div id="divButtonLogin">
                    <input type="submit" id="cmdLogin" class="cmdLogin" onmouseover="className='cmdLoginOver'" onmouseout="className='cmdLogin'" value="Connexion"/></br>
                    <?php
                    if(isset($_SESSION['msg']))
                    {
                        echo "<div class='divLogin'>".$_SESSION['msg']."</div>";
                    }
                    ?>
                </div>
            </form>
        </div>
    </div>
</body>
</html>

如此正常的形式。这是验证用户的代码:

<?php
//resume session
session_start();
header('Content-Type: text/html; charset=UTF-8');
//those are the classes used to connecte to the DB
include("../Models/cConnexion.php");
include("../Models/cConstanteConnexion.php");
include("../Models/cUser.php");

//Connexion
$cn = new cConnexion($ConnexionWebHost, $ConnexionWebDBName, $ConnexionWebLogin, $ConnexionWebPassword);

//reset session variables
$_SESSION['User'] = null;
$_SESSION['Group'] = null;
$_SESSION['Site'] = null;

if($cn->DBConnexion())
{
$user = array('username'=>$_POST['txtUsername'], 'password'=>$_POST['txtPassword']);
$getUser = $cn->SecureSelect("SELECT 
                            us_username, us_password, us_firstName,
                            us_lastName, us_email

FROM user 
                        WHERE BINARY us_username = :username 
                            AND BINARY us_password = :password", $user);

if($getUser <> null)
{

    while($User = $getUser->fetch())
    {

        $_SESSION['User'] = $User;

    }
}

if(isset($_SESSION['User']))
{
    unset($_SESSION['msg']);
    header("Location: ../Pages/Accueil.php");
}
else
{
    $_SESSION['msg'] = "Votre username ou votre mot de passe est invalide.";
    header("Location: ../Index.php");
}
}

?>

最后,我在每个其他页面上都有这段代码来验证用户是否登录。如果他没有登录,他必须被重定向到index.php这样他才能登录。

if(!isset($_SESSION['User']) || $_SESSION['User'] == null)
{
header("Location: ../Index.php");
}

问题是每次从一页更改到另一页时,它都会将我重定向到index.php. 我在想也许我在代码中的其他地方取消了会话,但我检查了一下,它看起来不像。

有人知道导致重定向的原因吗?

4

1 回答 1

0 
// server should keep session data for AT LEAST 1 hour
ini_set('session.gc_maxlifetime', 3600);

// each client should remember their session id for EXACTLY 1 hour
session_set_cookie_params(3600);

session_start(); // ready to go!
于 2014-12-19T21:38:19.480 回答