duanjiaolao1187
2017-04-15 08:23
Views: 44
Accepted

Session is not being destroyed in CodeIgniter

I am trying to unset my currently logged-in user's session. It works fine if I do a normal login, but when I use the remember-me setting with cookies, it is not being destroyed.

My code for setting the session and cookie is:

    public function login() {
        if (isset($this->session->userdata['username']) || isset($_COOKIE['user_id'])) {
            $this->load->model('User');

            $p_uid = $this->User->user_login($_COOKIE['user_id'], $_COOKIE['password']);

            redirect(base_url() . "dashboard");
        } else {
            $this->form_validation->set_rules('user_id', 'User ID', 'required');
            $this->form_validation->set_rules('password', 'Password', 'required');
            if ($this->form_validation->run() == FALSE) {
                $this->load->view('login/login');
            } else {
                $user_id = $this->input->post('user_id');
                $password = $this->input->post('password');
                $this->load->model('User');

                $p_uid = $this->User->user_login($user_id, $password);
                //var_dump($p_uid);
                if ($p_uid) {
                    if (isset($_POST['remember_me'])) {
                        setcookie("user_id", $user_id, time()+86400*30);
                        setcookie("password", $password, time()+86400*30);
                    }

                    redirect(base_url() . "dashboard/");
                } else {
                    $data = array(
                        "error" => "Wrong Userid Or Password"
                    );
                    $this->load->view('login/login', $data);
                }
            }
        }
    }

And my logout function is:

    public function logout() {
        $this->load->helper('cookie');
        delete_cookie("user_id");
        delete_cookie("password");

        $this->session->unset_userdata("username");
        $this->session->sess_destroy();

        redirect(base_url());
    }

Where am I making a mistake? Please help. Thanks.


5 answers

  • duanba4254 2017-04-24 06:45
    Accepted

    I faced the same issue a while ago. I tried all the methods that were possible, but I failed. Finally I found the solution with ob_start and ob_clean. Logout should be like this:

    class controllerName extends CI_Controller
    {
        function __construct()
        {
            parent::__construct();
            ob_start();
            $this->load->library('Session');
            $this->load->helper('cookie');
        }
    
        public function logout()
        {
            $this->load->driver('cache');   
            $user_id = array(
                'name'   => 'user_id',
                'value'  => '',
                'expire' => '0',
                'domain' => '.localhost',
                'prefix' => ''
            );
    
            delete_cookie($user_id);               
            $this->session->sess_destroy();
            $this->cache->clean();
    
            ob_clean();
            redirect(base_url());            
        }
    
    }
    

    To prevent the browser back button from loading the previous page, you should do something like this:

    $sess = $this->session->userdata('username');
    if(empty($sess))
    {
        $this->session->set_flashdata('error', 'Session has Expired. Please login');
        redirect('loginController/method'); 
    }
    else
    {
        # success. 
        # continue the normal code here 
    }
    

    FYI: This should be added in every function, or be used by a constructor to do it.

    NOTE: Don't put the password in a cookie. Read: php cookie injection vulnerability?

  • doupapin172773 2017-04-22 07:31

    First of all, your remember-me mechanism is seriously flawed. See Implementing Secure User Authentication in PHP Applications with Long-Term Persistence.

    I don't understand how your login works. You are checking if username is set in session, then are using cookies to perform login. I guess you've made it work as the first part of || always fails since $this->session->userdata['username'] will never be set. The correct way to access username from session would be:

    $_SESSION['username']
    OR
    $this->session->userdata('username')
    OR
    $this->session->username

    Finally, make sure the cookies are actually being deleted by inspecting your requests in the network tab. CodeIgniter deletes cookies by setting a negative expiration time of around a day; see if this is the case in your version of CodeIgniter. For best results, just set the cookie again with a large negative expiration time, and instead of checking if the cookie is set, check if the cookie is !empty.

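Added example (not part of the answers above and not code from the article they mention): one common remember-me design that keeps the password out of the cookie by storing a random selector:validator token whose hash lives server-side, and that deletes the cookie with the same attributes it was set with. The function names, the `auth_tokens` table and the PDO handle `$db` are assumptions made for illustration.

```php
<?php
// Added example. Assumed: PDO handle $db and a table
// auth_tokens(selector, validator_hash, user_id, expires).
const REMEMBER_COOKIE = 'remember';
const REMEMBER_TTL = 86400 * 30;

// A browser only replaces or removes a cookie when name, domain and path
// match, so setting and deleting share this single definition.
function remember_cookie_options(int $expires): array
{
    return ['expires' => $expires, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

// Call after a successful password login when "remember me" is ticked.
function remember_issue(PDO $db, int $userId): void
{
    $selector = bin2hex(random_bytes(12));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret, stored only as a hash
    $expires = time() + REMEMBER_TTL;
    $db->prepare('INSERT INTO auth_tokens (selector, validator_hash, user_id, expires)
                  VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $userId, $expires]);
    setcookie(REMEMBER_COOKIE, "$selector:$validator", remember_cookie_options($expires));
}

// Returns the user id for a valid, unexpired token, or null.
function remember_check(PDO $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $validator] = $parts;
    $stmt = $db->prepare('SELECT validator_hash, user_id FROM auth_tokens
                          WHERE selector = ? AND expires > ?');
    $stmt->execute([$selector, time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // hash_equals() compares in constant time.
    if (!$row || !hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        return null;
    }
    return (int) $row['user_id'];
}

// Logout: revoke server-side first, then expire the cookie client-side.
function remember_revoke(PDO $db, string $cookie): void
{
    $selector = explode(':', $cookie, 2)[0];
    $db->prepare('DELETE FROM auth_tokens WHERE selector = ?')->execute([$selector]);
    setcookie(REMEMBER_COOKIE, '', remember_cookie_options(time() - 86400));
    unset($_COOKIE[REMEMBER_COOKIE]);        // also gone for the rest of this request
}
```

Because the token row is deleted on logout, a copied cookie stops working even if the browser never processes the expiring Set-Cookie header.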
  • duanbiao4035 2017-04-22 18:50
    1. To unset a single element from the session array:

      $this->session->unset_userdata('some_name');

    2. You can pass an array of keys to unset multiple values:

      $array_items = array('username' => '', 'email' => '');
      $this->session->unset_userdata($array_items);

  • doubiaode0460 2017-04-24 06:18
    public function check_admin_login()
    {
        $admin_email_address = $this->input->post('admin_email_address', true);
        $admin_password = $this->input->post('admin_password', true);
        $this->load->model('admin_model', 'a_model');
        $result = $this->a_model->check_admin_login_info($admin_email_address, $admin_password);
        // echo '<pre>';
        // print_r($result);
        // exit();
        $sdata = array();

        if ($result)
        {
            $sdata['full_name'] = $result->admin_full_name;
            $sdata['admin_id'] = $result->admin_id;
            $this->session->set_userdata($sdata);
            //$sdata[]
            redirect('super_admin');
        }
        else
        {
            $sdata['message'] = 'Your User Id / Password Invalide !';
            $this->session->set_userdata($sdata);
            $this->load->view('admin/admin_login');
        }
    }
    
    
    for login and for logout
    
    
    public function logout()
    {
        $this->session->unset_userdata('full_name');
        $this->session->unset_userdata('admin_id');
        $sdata = array();
        $sdata['message'] = 'You are Successfully Logout !';
        $this->session->set_userdata($sdata);
        redirect('admin');
    }
    
  • doumi4676 2017-04-24 12:31

    To delete a cookie

    delete_cookie('name', $domain, $path); 
    

    To delete/destroy the session

    $this->session->sess_destroy();

    To destroy a particular session

    $this->session->unset_userdata('name');
    

    For multiple items

    $items = array('item-name1' => '', 'item-name2' => '');
    
    $this->session->unset_userdata($items);
    