douzen1880 2016-08-26 08:52
浏览 54
已采纳

即使在销毁之后,我的会话再次出现在PHP中

I have a login web page where user logs in. The page is then redirected to an interim page as loginvalidte.php. This page saves the User data in Session and forwards the request to the index.php page which some some user data and also has a logout button which is redirected to login.php

In short,

login.php   - For user to enter username and password
loginvalidate.php  - Session values are initialized
index.php   - Dashboard page with logout button

Here are my pages:

login.php

<!DOCTYPE html>
<?php

//session_unset();
session_destroy();
$_SESSION = array();

$authError='false';
if($_GET['AuthCheck']=='failed'){
        $authError='true';
}
if($_GET['Expired']=='true'){
        $sessionexpire='true';
}

//print_r ($_SESSION);
foreach($_SESSION as $key => $val)
{
      unset($_SESSION[$key]);
}

//unset($_SESSION["InfraUser"]);
//unset($_SESSION["InfraPassword"]);
$_SESSION["InfraUser"]='';
$_SESSION["InfraPassword"]='';

$_SESSION = NULL;
print_r($_SESSION);

?>

<html >
  <head>
    <meta charset="UTF-8">
    <title>One click Infra</title>
        <link rel="stylesheet" href="loginstyle/css/style.css">
  </head>
  <body>
    <html>
<html>

<head>

  <meta charset="UTF-8">

  <title>Login Form</title>
<script src="loginstyle/js/prefixfree.min.js"></script>

</head>

<body>

  <div id="logo">
  <h1><i> One Click Infra</i></h1>
</div>
<section class="stark-login">

  <form action="loginvalidate.php" method="post">
        <?php if($authError=='true'){ ?>
                <div id="fade-box">
                        <p>Authentication Failed. Please Login Again</p>
                </div>
        <?php }
              else if ($sessionexpire=='true'){ ?>
                <div id="fade-box">
                        <p>Session Expired. Please Login Again</p>
                </div>
        <?php }?>


    <div id="fade-box">
                <input type="text" name="username" class="form-control" placeholder="Username" required="" />
                <input type="password" name="userpassword" class="form-control" placeholder="Password" required="" />
                <div hidden>
                        <input type="text" name="authorize" class="form-control" placeholder="Authorize" value="on"/>
                </div>
          <button>Log In</button>
        </div>
      </form>
      <div class="hexagons">
                 <img src="http://i34.photobucket.com/albums/d133/RavenLionheart/NX-Desktop-BG.png" height="768px" width="1366px"/>
              </div>
            </section>
            <div id="circle1">
              <div id="inner-cirlce1">
                <h2> </h2>
              </div>
            </div>
            <ul>
              <li></li>
              <li></li>
              <li></li>
              <li></li>
              <li></li>
            </ul>
  <script src='http://codepen.io/assets/libs/fullpage/jquery.js'></script>
  <script src="loginstyle/js/index.js"></script>
</body>
</html>
        <script src="loginstyle/js/index.js"></script>
  </body>
</html>

loginvalidate.php

<?php

session_start();
$User = $_POST["username"];
$Password = $_POST["userpassword"];

include('/opt/lampp/htdocs/oneclickinfra/Net/SSH2.php');
$ssh = new Net_SSH2('10.41.66.73');
if (!$ssh->login('centos', 'centos')) {
        exit('OCI Server Is Down. Please send mail to performance@snapdeal.com');
}


/////////////////////////////////////////////////////////////////////////////////////////////
if ($_POST['authorize']){
        $command0 = 'curl --request POST "http://gitlab.snapdeal.com/api/v3/session?login='.$User.'&password='.$Password.'"';
        $req_data0 = $ssh->exec($command0);
        if (strpos($req_data0,'Unauthorized')!==false){
                header("Location: login.php?AuthCheck=failed");
        }
        else{
                $_SESSION["InfraUser"] = $User;
                $_SESSION["InfraPassword"] = $Password;
                print 'Data here is: '.$_SESSION["InfraUser"].' and '.$_SESSION["InfraPassword"];
                //sleep(10);
                header("Location: index.php");
        }
}
////////////////////////////////////////////////////////////////////////////////////////////
?>

Some Part of index.php:

<?php
    session_start();

    $User = '';
    $Password = '';

    print_r($_SESSION);

    if(!isset($_SESSION['InfraUser'])){
    //if($_SESSION['InfraUser']===''){
            header("Location: login.php?AuthCheck=failed");
    }
    else{
            $User = $_SESSION["InfraUser"];
            $Password = $_SESSION["InfraPassword"];
    }

    //////////////////////////////////// Maintains Session Only for 30 Minutes ///////////////////////
    if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 3600)) {
            // last request was more than 30 minutes ago
            //session_unset();     // unset $_SESSION variable for the run-time
            //session_destroy();   // destroy session data in storage
            header("Location: login.php?Expired=true");
    }
    $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
    //////////////////////////////////////////////////////////////////////////////////////////////////

    $chefApiFetchAuthCheck = $_GET["chefApiFlavorFetchAuthenticationError"];

The problem is that when I press logout, It is redirected to login.php page which is clearing all the session variable as i do not get any data by printing the session array at login.php page. But when i directly enter the site on index.php, I still get my User session values.

Please help as I want to redirect the user to loginPage if the user directly enters the index.php after logout is hit.

  • 写回答

2条回答 默认 最新

  • dongrang9300 2016-08-26 09:02
    关注

    You need to call session_start() in the beginning of login.php. That's why you don't see the $_SESSION variables and why they aren't being reset.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?