dsbgltg159136540 2016-04-23 14:24

Why is the PHP session destroyed when the page is loaded multiple times?

I have a website where I am using login and logout functionality using PHP.

So, for login, first I call the following function:

function sec_session_start() {
    $session_name = 'happiechef_session_ids';   // Set a custom session name
    $secure = false;
    // This stops JavaScript being able to access the session id.
    $httponly = true;
    // Forces sessions to only use cookies.
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
        header("Location:index");
        exit();
    }
    // Gets current cookies params.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"],
        $cookieParams["path"], 
        $cookieParams["domain"], 
        $secure,
        $httponly);
    // Sets the session name to the one set above.
    session_name($session_name);
    session_start();            // Start the PHP session 
    session_regenerate_id(true);    // Regenerate the session ID and delete the old session.
}

and then I call the following function to check the user's login information from the MySQL database:

function admin_login($email, $pass) {
    global $conn;   

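    // Parameterized query: $email is bound, not concatenated into the SQL.
    // mysqli_stmt_get_result() requires the mysqlnd driver.
    $stmt = mysqli_prepare($conn, "SELECT a_email, a_pass, a_id FROM admin_profile WHERE a_email = ? LIMIT 1");
    mysqli_stmt_bind_param($stmt, "s", $email);
    mysqli_stmt_execute($stmt);
    $query = mysqli_stmt_get_result($stmt);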
    $query_result =  mysqli_fetch_array($query);
    $a_id = (int) $query_result['a_id']; 
    $db_hash = htmlspecialchars($query_result['a_pass']);
    $num = mysqli_num_rows($query);

    if($num == 1) {
        if (checkbrute($email) == true) {
        // if true account is locked
            return false;
        } else {
            if(verify($pass, $db_hash)) {
                $a_id = preg_replace("/[^0-9]+/", "", $a_id);
                $email = validate_data($email);
                $user_browser = $_SERVER['HTTP_USER_AGENT'];
                $_SESSION['logged_admin_user'] = $email;
                $_SESSION['logged_admin_id'] = $a_id;                
                $_SESSION['login_string'] = hash('sha512', $db_hash . $user_browser);
                return true;
            } else {
                $time = time();
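                // Record the failed attempt with bound parameters.
                $stmt = mysqli_prepare($conn, "INSERT INTO login_attempt VALUES('', ?, ?)");
                mysqli_stmt_bind_param($stmt, "ss", $email, $time);
                mysqli_stmt_execute($stmt);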
                return false;
            }
        }
    } else {
        return false;
    }    
}

Well, when I refresh the page multiple times using the F5 key on the keyboard, I'm automatically logged out, and sometimes when I visit another page it asks me to log in! Somehow the PHP session is destroyed.

Can anyone tell me what the problem is in my code?

Thanks in advance.

Update:

Here is the function to check whether the user is logged in or not:

function admin_login_check() {
    // Check if all session variables are set 
    if (isset($_SESSION['logged_admin_user'], $_SESSION['logged_admin_id'], $_SESSION['login_string'])) {
        global $conn;
        $user_id = $_SESSION['logged_admin_id'];
        $login_string = $_SESSION['login_string'];
        $username = $_SESSION['logged_admin_user'];

        // Get the user-agent string of the user.
        $user_browser = $_SERVER['HTTP_USER_AGENT'];

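        // Parameterized query: $username is bound, not concatenated into the SQL.
        $stmt = mysqli_prepare($conn, "SELECT a_pass FROM admin_profile WHERE a_email = ?");
        if ($stmt && mysqli_stmt_bind_param($stmt, "s", $username) && mysqli_stmt_execute($stmt)
                && ($query = mysqli_stmt_get_result($stmt))) {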
            $num =  mysqli_num_rows($query);
            if($num == 1) {

                $result =  mysqli_fetch_array($query);
                $password = htmlspecialchars($result['a_pass']);

                // Define hash_equals() if it does not exist (constant-time string comparison).
                if(!function_exists('hash_equals')){
                    function hash_equals($str1, $str2){
                        if(strlen($str1) != strlen($str2)){
                            return false;
                        } else {
                            $res = $str1 ^ $str2;
                            $ret = 0;
                            for($i = strlen($res) - 1; $i >= 0; $i--) {
                                $ret |= ord($res[$i]);
                            }
                            return !$ret;
                        }
                    }
                }
                $login_check = hash('sha512', $password.$user_browser); 
                if (hash_equals($login_check, $login_string) ){                    
                    return true;
                } else {          
                    return false;
                }
            } else {
                 return false;
            }
        } else {
           return false;
        }
    } else {        
        return false;
    } 
}

1 answer

  • dongyong8071 2016-04-23 14:31

    If you remove the session_regenerate_id(true), the session should not be destroyed anymore.

    Why is this happening?
    session_regenerate_id() replaces the current session ID with a new one. The session information will be kept. When you use this function too often (reload, AJAX, etc.) you can see this effect on your session. PHP has a restriction for access to the session for only one running task. If you run session_regenerate_id() too often / fast, the task gets into a queue. So the following is happening:

    1. The first call changes the session ID and deletes the old session (if the parameter is true).
    2. The second call still has the old session ID and tries to do some operations on it.
    3. As the old session doesn't exist anymore, a new session would be created. The user is logged out now (the session is invalid now).
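
One way to keep ID rotation without the race described in the answer above, as an added example that is not part of the original answer or the asker's code: the ID is rotated at login and at most once per interval, and the superseded session is stamped and kept for a short grace window instead of being deleted, so queued requests that still carry the old cookie find their data. The function names `sec_session_start_fixed` and `rotate_session_id`, the `obsolete_at` and `rotated_at` keys and both time limits are assumptions; the stamp relies on `session_regenerate_id(false)` saving the old session's data before switching IDs, which PHP does since 7.0.

```php
<?php
// Added example. Function names, session keys and both limits are assumptions.
const ROTATE_AFTER = 300; // rotate the ID at most once per this many seconds
const GRACE_PERIOD = 30;  // how long a superseded ID still serves queued requests

function rotate_session_id(): void {
    $_SESSION['obsolete_at'] = time();  // stamp is saved into the OLD session
    session_regenerate_id(false);       // new ID; old data stays until expiry or GC
    unset($_SESSION['obsolete_at']);    // the new session is the live one
    $_SESSION['rotated_at'] = time();
}

function sec_session_start_fixed(): void {
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');  // reject IDs the server never issued
    $p = session_get_cookie_params();
    // $secure stays false as in the question; set it to true when served over HTTPS.
    session_set_cookie_params($p['lifetime'], $p['path'], $p['domain'], false, true);
    session_name('happiechef_session_ids');
    session_start();

    if (isset($_SESSION['obsolete_at'])) {
        // This request carries an ID that an earlier request already replaced.
        if (time() - $_SESSION['obsolete_at'] > GRACE_PERIOD) {
            // Past the grace window: drop the data and the old session entirely.
            $_SESSION = [];
            session_regenerate_id(true);
            $_SESSION['rotated_at'] = time();
        }
        return; // inside the window: serve the request, never rotate again
    }
    if (!isset($_SESSION['rotated_at'])) {
        $_SESSION['rotated_at'] = time();     // brand-new session, nothing to rotate
    } elseif (time() - $_SESSION['rotated_at'] > ROTATE_AFTER) {
        rotate_session_id();
    }
}

// In admin_login(), call rotate_session_id() once after verify() succeeds and
// before $_SESSION['logged_admin_user'] is set, so the authenticated session
// never reuses the pre-login ID.
```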