session_regenerate_id（）的问题

I am using Facebook's PHP SDK for validating users to leave comments and it works quite well. Once, validated, I store the user information in a session variable, but first call session_regenerate_id() and then reload the page. When the page reloads, the old session data is still available, including the Facebook SDK state variable, however, the session variable I added is not available. The following is a snippet of the code:

session_regenerate_id();
$_SESSION[...] = ...;

header('Location: ...');
die();

If I take out the session_regenerate_id() then everything works perfectly. Any ideas what I am doing wrong?

EDIT

If I log session_id() every page load, I see that session_regenerate_id() generates a new id and the session contains everything I expect. However, when the page reload occurs, the session id is the previous session id and not the new one, hence I cannot access the new session variables. Why would this happen?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douhan5547 2016-07-27 12:31
关注
After a lot of logging and scanning the headers being sent and received, I determined that when the initial session was created, the domain used for the cookie was: .domain.com (without the www). However, session_regenerate_id() was setting the domain for the cookie to: www.domain.com. When the browser made a determination of which to send, it always sent the original one, so the session used was always the old one. Once I manually deleted that cookie, everything worked fine.

To ensure this sort of thing doesn't happen again, I added the following before starting my session:

session_set_cookie_params(0, '/', $_SERVER['SERVER_NAME'], true, true);

What is odd, the .htaccess file enforces www.domain.com for consistency, so I am not sure why the initial cookie's domain was set the way it was.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

session_regenerate_id和安全属性 php
2018-11-06 13:04

回答 2 已采纳 In your local folder PHP.ini settings (typically called user.ini and found in your root HTML direc
session_regenerate_id（）的问题 php
2016-07-26 12:33

回答 1 已采纳 After a lot of logging and scanning the headers being sent and received, I determined that when th
什么是session_id，session_regenerate_id和session_name用于？ php
2010-07-23 14:42

回答 5 已采纳 No, you don’t need to use them. In general all you need is session_start to start the session ha
PHP Session_Regenerate_ID函数双释放内存破坏漏洞
2020-10-28 17:17

PHP Session_Regenerate_ID函数存在双释放内容破坏问题，远程攻击者可利用此漏洞对应用程序进行拒绝服务攻击，可能导致任意指令执行。
无法从会话中删除__ci_last_regenerate php
2016-10-03 22:28

回答 2 已采纳 You're not supposed to delete that. The library uses it internally - that's why it is re-created e
经典asp中的PHP session_regenerate_id的等价物 php
2012-05-08 13:17

回答 1 已采纳 No, there is no equivalent method in ASP Classic. The only option is to use Session.Abandon. This
session_write_close（）：无法使用用户定义的保存处理程序写入会话数据。 PHP 7.3.1 php
2019-08-20 03:05

回答 1 已采纳 I don't see a reason why you need to set a shutdown handler. Sessions are automatically saved when
php session_regenerate_id,什么时候以及为什么我应该使用session_regenerate_id（）？
2021-04-16 12:06

origami dance的博客什么session_regenerate_id()啊就像函数名称所说的那样，它是一个函数，它将用新的ID替换当前的会话ID，并保留当前的会话信息。它有什么作用？它主要有助于防止会话固定攻击。会话固定攻击是恶意用户试图利用系统中...
php session_start（）忽略已创建的会话 php
2017-01-05 19:46

回答 1 已采纳 My bad, forgot to add COOKIE to the variables_order directive: variables_order = "GPCS" So that
session_destroy（）+ session_start（）不在标题重定向之后 php
2014-06-14 13:19

回答 1 已采纳 You should use this first: session_start(); // Starts a new or resumes an existing session Then
PHP :::安全SESSION_ID :::没有CSRF？ csrf php
2012-01-27 14:47

回答 2 已采纳 Just use one-time tokens for form submissions. uniqid() is sufficient for this. Store the token
PHP何时以及为什么应该使用 session_regenerate_id()？
2022-09-03 17:09

allway2的博客会话固定攻击是恶意用户试图利用系统中的漏洞来固定（设置）另一个用户的会话 ID (SID)。通过这样做，他们将获得作为原始用户的完全访问权限，并能够执行原本需要身份验证的任务。成功登录时（或为每个 X 请求）分配...
$ _SESSION PHP在不同URL中的同一服务器上无法识别 php
2018-05-29 14:04

回答 1 已采纳 This could happen in 2 cases: First is different domain names. You said, that they are same. Then
php sessionregenerateid,PHP: session_regenerate_id - Manual
2021-05-04 01:52

we shu的博客 //my_session_start()emy_session_regenerate_id()evitamaperdadasessãocausadapor//redesinstáveis.Alémdisso,estecódigopodeevitarqueasessãoseja//roubadaporatacantes.functionmy_sess...
session_regenerate_id 和 session_id
2020-03-28 11:06

三月白丁的博客 session_regenerate_id（delete_old_session）会将旧session文件复制一份，并且重命名成新session文件。因为是复制操作，再不对新文件中的session数据修改的情况下，两份文件session数据相同。其中delete_old_...
PHP sesion_start()或者session_regenerate_id()提示Cannot regenerate session id - headers already sent in
2016-03-15 14:33

z_w_c_小文的博客这个很好解决，只需要在首行加入：ob_start(); 就可以随意输出了。示例如下： ob_start(); if(!session_regenerate_id(TRUE)){ echo "oh no, delete failed"; } else {echo
php7 session id,PHP session_create_id 用法手册 | 示例代码
2021-04-21 20:15

weixin_39569112的博客 This function is very hard to replicate precisely in userland code, because if a session is already started, it will attempt to detect collisions using the new "validate_sid" session handler callback,...
PHP Session Regenerate ID函数的内存破坏漏洞及修复方法
2023-09-28 20:46

ZoExamples的博客 PHP中的函数在一些旧版本中...通过采取这样的修复措施，我们可以确保Session的安全性，并避免内存破坏漏洞带来的潜在问题。在编写PHP应用程序时，我们应该始终关注和修复可能存在的安全漏洞，以保护用户数据的安全。
报警告session_regenerate_id(): Failed to create(read) session ID: files (path: N;/path)
2017-02-14 00:48

weixin_30401605的博客 php.ini文件中的session.save_path = "N;/path"注释掉（前面加分号) 转载于:https://www.cnblogs.com/jerrypro/p/6395972.html
session_id()和session_regenerate_id()对原来session文件和其中数据是怎么处理的
2017-03-29 15:19

weixin_33859231的博客一、session_id()对原来session文件和里面的数据，是怎么处理的? 测验办法:<?php$sid = md5("aaad");session_id($sid);session_start();var_dump(session_id());$_SESSION['ddd'] = 123;?&amp...
没有解决我的问题, 去提问

悬赏问题

¥15 使用Jdk8自带的算法，和Jdk11自带的加密结果会一样吗，不一样的话有什么解决方案，Jdk不能升级的情况
¥15 画两个图 python或R
¥15 在线请求openmv与pixhawk 实现实时目标跟踪的具体通讯方法
¥15 八路抢答器设计出现故障
¥15 opencv 无法读取视频
¥15 用matlab 实现通信仿真
¥15 按键修改电子时钟，C51单片机
¥60 Java中实现如何实现张量类，并用于图像处理(不运用其他科学计算库和图像处理库）)
¥20 5037端口被adb自己占了
¥15 python：excel数据写入多个对应word文档

session_regenerate_id（）的问题

1条回答 默认 最新

悬赏问题

1条回答默认最新