session_regenerate_id（）的问题

I am using Facebook's PHP SDK for validating users to leave comments and it works quite well. Once, validated, I store the user information in a session variable, but first call session_regenerate_id() and then reload the page. When the page reloads, the old session data is still available, including the Facebook SDK state variable, however, the session variable I added is not available. The following is a snippet of the code:

session_regenerate_id();
$_SESSION[...] = ...;

header('Location: ...');
die();

If I take out the session_regenerate_id() then everything works perfectly. Any ideas what I am doing wrong?

EDIT

If I log session_id() every page load, I see that session_regenerate_id() generates a new id and the session contains everything I expect. However, when the page reload occurs, the session id is the previous session id and not the new one, hence I cannot access the new session variables. Why would this happen?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douhan5547 2016-07-27 12:31
关注
After a lot of logging and scanning the headers being sent and received, I determined that when the initial session was created, the domain used for the cookie was: .domain.com (without the www). However, session_regenerate_id() was setting the domain for the cookie to: www.domain.com. When the browser made a determination of which to send, it always sent the original one, so the session used was always the old one. Once I manually deleted that cookie, everything worked fine.

To ensure this sort of thing doesn't happen again, I added the following before starting my session:

session_set_cookie_params(0, '/', $_SERVER['SERVER_NAME'], true, true);

What is odd, the .htaccess file enforces www.domain.com for consistency, so I am not sure why the initial cookie's domain was set the way it was.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

session_regenerate_id和安全属性 php
2018-11-06 13:04

回答 2 已采纳 In your local folder PHP.ini settings (typically called user.ini and found in your root HTML direc
什么是session_id，session_regenerate_id和session_name用于？ php
2010-07-23 14:42

回答 5 已采纳 No, you don’t need to use them. In general all you need is session_start to start the session ha
无法从会话中删除__ci_last_regenerate php
2016-10-03 22:28

回答 2 已采纳 You're not supposed to delete that. The library uses it internally - that's why it is re-created e
PHP Session_Regenerate_ID函数双释放内存破坏漏洞
2020-10-28 17:17

总的来说，PHP Session_Regenerate_ID函数的双释放内存破坏漏洞是一个重要的安全问题，需要开发者密切关注并采取适当措施来保护他们的应用程序。理解这个漏洞的工作原理和潜在影响，对于提高PHP应用的安全性至关重要...
经典asp中的PHP session_regenerate_id的等价物 php
2012-05-08 13:17

回答 1 已采纳 No, there is no equivalent method in ASP Classic. The only option is to use Session.Abandon. This
session_write_close（）：无法使用用户定义的保存处理程序写入会话数据。 PHP 7.3.1 php
2019-08-20 03:05

回答 1 已采纳 I don't see a reason why you need to set a shutdown handler. Sessions are automatically saved when
php session_start（）忽略已创建的会话 php
2017-01-05 19:46

回答 1 已采纳 My bad, forgot to add COOKIE to the variables_order directive: variables_order = "GPCS" So that
php session_regenerate_id,什么时候以及为什么我应该使用session_regenerate_id（）？
2021-04-16 12:06

origami dance的博客什么session_regenerate_id()啊就像函数名称所说的那样，它是一个函数，它将用新的ID替换当前的会话ID，并保留当前的会话信息。它有什么作用？它主要有助于防止会话固定攻击。会话固定攻击是恶意用户试图利用系统中...
session_destroy（）+ session_start（）不在标题重定向之后 php
2014-06-14 13:19

回答 1 已采纳 You should use this first: session_start(); // Starts a new or resumes an existing session Then
PHP :::安全SESSION_ID :::没有CSRF？ csrf php
2012-01-27 14:47

回答 2 已采纳 Just use one-time tokens for form submissions. uniqid() is sufficient for this. Store the token
$ _SESSION PHP在不同URL中的同一服务器上无法识别 php
2018-05-29 14:04

回答 1 已采纳 This could happen in 2 cases: First is different domain names. You said, that they are same. Then
session_regenerate_id(): Session object destruction failed
2024-04-29 13:33

暮的秋歌的博客 yii框架登录时，遇到这个错误，找到存储session的文件夹，将所有session文件删除，再次刷新，登录成功。
session_regenerate_id 和 session_id
2020-03-28 11:06

三月白丁的博客 session_regenerate_id（delete_old_session）会将旧session文件复制一份，并且重命名成新session文件。因为是复制操作，再不对新文件中的session数据修改的情况下，两份文件session数据相同。其中delete_old_...
PHP何时以及为什么应该使用 session_regenerate_id()？
2022-09-03 17:09

allway2的博客会话固定攻击是恶意用户试图利用系统中的漏洞来固定（设置）另一个用户的会话 ID (SID)。通过这样做，他们将获得作为原始用户的完全访问权限，并能够执行原本需要身份验证的任务。成功登录时（或为每个 X 请求）分配...
php sessionregenerateid,PHP: session_regenerate_id - Manual
2021-05-04 01:52

we shu的博客 //my_session_start()emy_session_regenerate_id()evitamaperdadasessãocausadapor//redesinstáveis.Alémdisso,estecódigopodeevitarqueasessãoseja//roubadaporatacantes.functionmy_sess...
session_id()和session_regenerate_id()对原来session文件和其中数据是怎么处理的
2017-03-29 15:19

weixin_33859231的博客一、session_id()对原来session文件和里面的数据，是怎么处理的? 测验办法:<?php$sid = md5("aaad");session_id($sid);session_start();var_dump(session_id());$_SESSION['ddd'] = 123;?&amp...
PHP sesion_start()或者session_regenerate_id()提示Cannot regenerate session id - headers already sent in
2016-03-15 14:33

z_w_c_小文的博客这个很好解决，只需要在首行加入：ob_start(); 就可以随意输出了。示例如下： ob_start(); if(!session_regenerate_id(TRUE)){ echo "oh no, delete failed"; } else {echo
php如何删除session,PHP: session_regenerate_id - Manual
2021-03-24 09:02

平祥的博客 This feature seems to create a new session ID without clearing the old session data. This is a very important feature for security validation:$usedns = TRUE; // for eliminating failture by proxys usin...
PHP Session Regenerate ID函数的内存破坏漏洞及修复方法
2023-09-28 20:46

ZoExamples的博客 PHP中的函数在一些旧版本中...通过采取这样的修复措施，我们可以确保Session的安全性，并避免内存破坏漏洞带来的潜在问题。在编写PHP应用程序时，我们应该始终关注和修复可能存在的安全漏洞，以保护用户数据的安全。
报警告session_regenerate_id(): Failed to create(read) session ID: files (path: N;/path)
2017-02-14 00:48

weixin_30401605的博客 php.ini文件中的session.save_path = "N;/path"注释掉（前面加分号) 转载于:https://www.cnblogs.com/jerrypro/p/6395972.html
没有解决我的问题, 去提问

悬赏问题

¥15 如何让企业微信机器人实现消息汇总整合
¥50 关于#ui#的问题：做yolov8的ui界面出现的问题
¥15 如何用Python爬取各高校教师公开的教育和工作经历
¥15 TLE9879QXA40 电机驱动
¥20 对于工程问题的非线性数学模型进行线性化
¥15 Mirare PLUS 进行密钥认证？（详解）
¥15 物体双站RCS和其组成阵列后的双站RCS关系验证
¥20 想用ollama做一个自己的AI数据库
¥15 关于qualoth编辑及缝合服装领子的问题解决方案探寻
¥15 请问怎么才能复现这样的图呀

session_regenerate_id（）的问题

1条回答 默认 最新

悬赏问题

1条回答默认最新