dongzheng7165 2014-09-29 21:30
浏览 61
已采纳

重新加载部分页面时会丢失会话

I have an issue where some of my pages take an extended period to load due to communications with various external APIs. I noticed that when I change to a different page or reload the current page before it has finished loading, it seems to drop my session and logs me out.

For example, if loading page about.php and then I click a link to load profile.php before about.php has loaded fully, it logs me out and drops me back at the login screen.

I don't know what to search for this but have not been able to find any information on similar problems. Can anyone shed light on what would be causing this?

Top of each page:

sec_session_start();

if(login_check($dp_conn) == false)
{
    header("location:../login.php?error=1");
}

sec_session_start() function:

function sec_session_start()
{
    $session_name = 'sec_session_id'; // Set a custom session name
    $secure = false; // Set to true if using https.
    $httponly = true; // This stops javascript being able to access the session id. 

    ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
    $cookieParams = session_get_cookie_params(); // Gets current cookies params.
    session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
    session_name($session_name); // Sets the session name to the one set above.

    session_start(); // Start the php session
    session_regenerate_id(); // regenerated the session, delete the old one.  
}

login_check() function:

function login_check($db)
{
    // Check if all session variables are set
    if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string']))
    {
        $user_id = $_SESSION['user_id'];
        $login_string = $_SESSION['login_string'];
        $username = $_SESSION['username'];

        $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

        $query = "SELECT password FROM users WHERE id = " . $user_id . " LIMIT 1";
        $result = mysql_query($query, $db);

        if (mysql_num_rows($result) == 1)
        {
            // If the user exists
            $row = mysql_fetch_row($result);
            $password = $row[0];
            $login_check = hash('sha512', $password.$user_browser);

            if($login_check == $login_string)
            {
                // Logged In!!!!
                return true;
            }
            else
            {
                // Not logged in
                return false;
            }
        }
        else
        {
            // Not logged in
            return false;
        }
    }
    else
    {
        // Not logged in
        return false;
    }
}
  • 写回答

1条回答 默认 最新

  • doutu4335 2014-09-29 22:21
    关注

    I will add an answer as this can help others. So using sec_session_start() will use different SESSION ID on every page request, particularly

    session_regenerate_id();

    If your site loads a page very slow and user opens a another link on you page while first page is not loaded fully SESSION ID will be lost hence causing a problem.

    Just remove session_regenerate_id(); from sec_session_start function.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度