drl47263 2013-06-16 18:05
浏览 50
已采纳

会话变量未进入下一页

I've just begun using sessions and am having some headaches, I had this working last night, now opening it today...no longer works.

In my login processor I have the following if everything is OK. This script works fine, I have echoed the session variables to ensure that the array works, and it does.

$username - > post from login script
$encrypt_password -> created from password check further up the script      

        {

                    $session_name = 'LOGIN'; // Set a custom session name
                    $secure = false; // Set to true if using https.
                    $httponly = true; // This stops javascript being able to access the session id. 
                    $cookie_lifetime = '3600';
                    $cookie_path = '/';
                    $cookie_domain = '127.0.0.1';

                    session_set_cookie_params($cookie_lifetime, $cookie_path, $cookie_domain, $secure, $httponly); 
                    session_name($session_name); // Sets the session name to the one set above.

                    $group = $row['group_type'];

                    $user_browser = $_SERVER['HTTP_USER_AGENT']; /*grabs browser info*/

                    $user_id = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); /*XSS Protection*/
                    $group_id = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $group);   /*XSS Protection*/

                    session_start();
                    $_SESSION['user']=$user_id;
                    $_SESSION['group_name']=$group_id;
                    $_SESSION['login_string'] = hash('sha512', $user_browser.$encrypt_password);
                    session_write_close();

                    header("location:".$group_id."_index.php");                         
                }

I have created an include file which gathers the info from the session, included on every protected page, this is where it fell apart. I have created custom error codes for each if statement and have found that the if statement here fails. Echoing the session variables or evening printing the session array returns nothing.

 $session_name = 'LOGIN'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 
        $cookie_lifetime = '3600';
        $cookie_path = '/';
        $cookie_domain = '127.0.0.1';

        session_set_cookie_params($cookie_lifetime, $cookie_path, $cookie_domain, $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(false); // regenerated the session, delete the old one.     

    if(isset($_SESSION['user'],$_SESSION['group_name'], $_SESSION['login_string']))

I was changing around the way the user groups worked before this broke, however none of the variables make it through. I am learning from his tut by the way: create a secure login script in php and mysql

Also do I need to call the session parameters every time a user visits a protected page?

Thanks in advance for any pointers.

展开全部

  • 写回答

2条回答 默认 最新

  • dtds8802 2013-06-16 18:11
    关注

    Try putting session_start(); on TOP of everything, most importantly before you're calling a session. You're calling session_name($session_name); before it even started.

    it=session

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)
编辑
预览

报告相同问题?

手机看
程序员都在用的中文IT技术交流社区

程序员都在用的中文IT技术交流社区

专业的中文 IT 技术社区,与千万技术人共成长

专业的中文 IT 技术社区,与千万技术人共成长

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

客服 返回
顶部