dongyuli4538 2010-10-05 23:33

Problem with multiple sessions being stored for the same user

I am having issues whereby the same user is generating two session files. I started to log these in the database so I could see what was going on. I am curious to know whether this stems from setting sessions in a class or whether there is some programming faux pas behind this. Below are both sessions from my computer generated within a minute of each other:

session_id  session_data
kfmj13vi5o538mvi57at8th0n2  useradd|s:10:"xx.xx.62.69";redirect|s:10:"/index.php";
3bb0fkisndf3u0o1l3195iclh2  UID|s:1:"1";USERNAME|s:9:"kalpaitch";

Sometimes (not always) when a user logs in, the class responsible for adding the 'UID' and 'USERNAME' to the session seems to create a new session entirely (as above) and therefore the page does not register the user as having logged in.

This is a script someone else wrote, with the following path => loginform.php posts to validate.php which calls the method below.

function validateUser($username,$password, $redirect){
    $password=md5($password);
    if(get_magic_quotes_gpc()){
        $username = stripslashes($username);
        $password = stripslashes($password);
    }

    $sql = "SELECT id,username,password FROM users WHERE username='" . mysql_real_escape_string($username) . "' AND password='" . mysql_real_escape_string($password) . "' AND status='1' and verified=1";

    $result=mysql_query($sql);
    $row = mysql_fetch_array($result);

    if ($row["id"]){
        session_start();
        $_SESSION["UID"] = $row["id"];
        $_SESSION["USERNAME"]=$row["username"];
        header("location: http://www.xxx.com".$redirect);
    }else{
        unset($_SESSION["UID"]);
        unset($_SESSION["USERNAME"]);

        $sql = "select id,username,password from user where username='" . mysql_real_escape_string($username) . "' and password='" . mysql_real_escape_string($password) . "' and status='1' and verified=0";
        $result=mysql_query($sql);
        $row = mysql_fetch_array($result);
        if ($row["id"]){
            $_SESSION['login'] = 'Verify your account by email';
            header("location: http://www.xxx.com".$redirect);
        }else{
            $_SESSION['login'] = 'Incorrect username or password';
            header("location: http://www.xxx.com".$redirect);
        }
    }
}
1 answer

  • duanhuan2301 2010-10-05 23:47

    Very probably this has to do with either session cookie settings, cookie-path for instance, or cookie-domain, especially when you're alternating between a www.domain.tld and a plain domain.tld site; or a session_regenerate_id() call after login (which is actually a good idea, as it avoids session-fixation).


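The two points from the answer above, as an added example (not code from the question or the answer): one session cookie scope shared by www.domain.tld and domain.tld, and a session ID regenerated at login on a session that was started before any branch writes to it. `example.com`, `startSiteSession()` and `loginUser()` are hypothetical names, and the array form of `session_set_cookie_params()` assumes PHP 7.3 or later.

```php
<?php
// Added example. SITE_DOMAIN and both function names are hypothetical.

// A parent-domain cookie is sent to example.com and www.example.com alike,
// so a redirect between the two hosts does not start a second session.
const SITE_DOMAIN = 'example.com';

function startSiteSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started in this request
    }
    session_set_cookie_params([
        'lifetime' => 0,           // session cookie, dropped when the browser closes
        'path'     => '/',         // same path for every script on the site
        'domain'   => SITE_DOMAIN, // same scope for www and the bare domain
        'secure'   => true,        // assumes the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function loginUser(int $uid, string $username, string $redirect): void
{
    // Start the session before reading or writing $_SESSION in any branch.
    startSiteSession();

    // Issue a fresh ID for the authenticated session (session-fixation
    // defence); true removes the old session record, so only one remains.
    session_regenerate_id(true);

    $_SESSION['UID'] = $uid;
    $_SESSION['USERNAME'] = $username;

    // Keep the redirect a local path on one canonical host.
    if ($redirect === '' || $redirect[0] !== '/' || strpos($redirect, '//') === 0) {
        $redirect = '/index.php';
    }
    header('Location: https://www.' . SITE_DOMAIN . $redirect);
    exit; // stop here so nothing after the redirect touches the session
}
```

Calling `startSiteSession()` at the top of every entry script (loginform.php and validate.php in the question's flow) keeps both pages on the same cookie and the same session ID.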