douqi1212 2011-06-02 10:54

IE back button PHP session problem: "Webpage has expired"

On IE when user hits back button they get the classic IE "webpage has expired" message.

I have found that setting the following in my php.ini has solved this.

'session.cache_limiter=private'

However my problem now is when I send forms I include a PHP session value ($_SESSION['token']) in a hidden field. I then check this on the following page to see if token values match:

echo "<form ......<input type='hidden' name='token' value='".$_SESSION['token']."' />";

/*on receiving page*/
if($_POST['token']==$_SESSION['token']){/*ok matched*/}
else{/*THIS IS WHERE THE ERROR OCCURS*/}

My problem is since adding this setting to my php.ini file I noticed when sending forms I get my custom page error as for some reason the $_SESSION['token'] value appears to change on the page receiving the form data thus making the if() statement return false? It's happening in all browsers now?

Here is my $_SESSION['token'] code (NOTE: when sending my form it lands in the else() but value changes of $_SESSION['token'], something to do with cache perhaps not retaining my $_SESSION values?):

session_start();
if (!isset($_SESSION['token']))
{
    $token = md5(uniqid(rand(), TRUE));
    $_SESSION['token'] = $token; /* have to put current session token into this variable for hidden field in <form> */
    $_SESSION['token_time'] = time();
}
else
{
    /* if token set ie user press back button on browser */
    $token_age = time() - $_SESSION['token_time'];
    if ($token_age > 1200)
    {
        /* More than 20 minutes has passed - regenerate. Do this so more likely won't timeout when user taking long time on <form> and token may not get refreshed before time limit */
        $token = md5(uniqid(rand(), TRUE));
        $_SESSION['token'] = $token; /* have to put current session token into this variable for hidden field in <form> */
        $_SESSION['token_time'] = time();
    }
}

If it's any use, here are my other php.ini session settings:

session.cache_limiter=private
session.cookie_secure=1 ;my whole site is SSL
session.cookie_httponly=1
session.save_path = /tmp ;directory to store sessions
session.save_handler = files
session.cookie_lifetime = 0 ;persistence cookie dies after browser closed
session.use_trans_sid = 0
session.use_only_cookies=1

Let me just clear something up guys, the reason this whole problem occurs is using the 'session.cache_limiter=private'. If I take this out there's no problem except I get a message in IE when hitting back button on a form page saying "Webpage expired". Are there any suggestions how to avoid that message occurring in IE when hitting the back button?

2 answers

  • dongnan1989 2011-06-02 12:02

    ini_set("session.cache_limiter", "must-revalidate");

    This answer was selected by the asker as the best answer.
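
A hardened version of the session-token check from the question, as an added example that is not code from the thread: it sets the cache limiter before session_start(), draws the token from a CSPRNG, compares in constant time, and keeps the previous token valid after the 20-minute rotation so a form restored from the browser cache still validates. The function names and the token_prev key are assumptions.

```php
<?php
// Added example, not code from the thread. Function names and the
// 'token_prev' key are assumptions; TOKEN_TTL is the question's 1200 s.
const TOKEN_TTL = 1200;

// A web request calls this first: the limiter must be set before
// session_start(), which emits the matching Cache-Control/Expires headers.
function start_session(string $limiter = 'private'): void
{
    session_cache_limiter($limiter);
    session_start();
}

// Returns the current token, rotating it once it is older than TOKEN_TTL.
function csrf_token(array &$s, int $now): string
{
    if (!isset($s['token'], $s['token_time']) || $now - $s['token_time'] > TOKEN_TTL) {
        if (isset($s['token'])) {
            $s['token_prev'] = $s['token']; // a cached form may still carry it
        }
        $s['token'] = bin2hex(random_bytes(32)); // CSPRNG (PHP 7+), not md5(uniqid(rand()))
        $s['token_time'] = $now;
    }
    return $s['token'];
}

// Accepts the current or the previous token; compares in constant time.
function csrf_check(array $s, $posted): bool
{
    if (!is_string($posted) || $posted === '') {
        return false; // missing or array-valued field
    }
    foreach (['token', 'token_prev'] as $key) {
        if (isset($s[$key]) && hash_equals($s[$key], $posted)) {
            return true;
        }
    }
    return false;
}

// Constructed run on a plain array standing in for $_SESSION.
$session = [];
$old = csrf_token($session, 1000000);
$new = csrf_token($session, 1000000 + TOKEN_TTL + 1); // forces a rotation
var_dump($old !== $new);
var_dump(csrf_check($session, $old));   // token from a cached form
var_dump(csrf_check($session, $new));   // token from a fresh form
var_dump(csrf_check($session, null));   // field missing
var_dump(csrf_check($session, ['x']));  // array injected via token[]=x
```

With the private limiter the browser may reuse a cached form for up to session.cache_expire minutes (180 by default), which is longer than the 1200-second rotation. The previous token stays valid only until the next rotation replaces it.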