drl47263 2013-06-17 02:05
浏览 50
已采纳

会话变量未进入下一页

I've just begun using sessions and am having some headaches, I had this working last night, now opening it today...no longer works.

In my login processor I have the following if everything is OK. This script works fine, I have echoed the session variables to ensure that the array works, and it does.

$username - > post from login script
$encrypt_password -> created from password check further up the script      

        {

                    $session_name = 'LOGIN'; // Set a custom session name
                    $secure = false; // Set to true if using https.
                    $httponly = true; // This stops javascript being able to access the session id. 
                    $cookie_lifetime = '3600';
                    $cookie_path = '/';
                    $cookie_domain = '127.0.0.1';

                    session_set_cookie_params($cookie_lifetime, $cookie_path, $cookie_domain, $secure, $httponly); 
                    session_name($session_name); // Sets the session name to the one set above.

                    $group = $row['group_type'];

                    $user_browser = $_SERVER['HTTP_USER_AGENT']; /*grabs browser info*/

                    $user_id = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); /*XSS Protection*/
                    $group_id = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $group);   /*XSS Protection*/

                    session_start();
                    $_SESSION['user']=$user_id;
                    $_SESSION['group_name']=$group_id;
                    $_SESSION['login_string'] = hash('sha512', $user_browser.$encrypt_password);
                    session_write_close();

                    header("location:".$group_id."_index.php");                         
                }

I have created an include file which gathers the info from the session, included on every protected page, this is where it fell apart. I have created custom error codes for each if statement and have found that the if statement here fails. Echoing the session variables or evening printing the session array returns nothing.

 $session_name = 'LOGIN'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 
        $cookie_lifetime = '3600';
        $cookie_path = '/';
        $cookie_domain = '127.0.0.1';

        session_set_cookie_params($cookie_lifetime, $cookie_path, $cookie_domain, $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(false); // regenerated the session, delete the old one.     

    if(isset($_SESSION['user'],$_SESSION['group_name'], $_SESSION['login_string']))

I was changing around the way the user groups worked before this broke, however none of the variables make it through. I am learning from his tut by the way: create a secure login script in php and mysql

Also do I need to call the session parameters every time a user visits a protected page?

Thanks in advance for any pointers.

  • 写回答

2条回答 默认 最新

  • dtds8802 2013-06-17 02:11
    关注

    Try putting session_start(); on TOP of everything, most importantly before you're calling a session. You're calling session_name($session_name); before it even started.

    it=session

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
  • dongmei1988 2013-06-17 02:08
    关注

    your regenerating the session on every page, which causes the previous session to destroy data.

    remove session_regenerate_id(false);

    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 用keil调试程序保证结果进行led相关闪烁
  • ¥15 paddle训练自己的数据loss降不下去
  • ¥20 用matlab的pdetool解决以下三个问题
  • ¥15 一道python的homework题,老是非零返回求解
  • ¥15 单个福来轮的平衡与侧向滑动是如何做到的?
  • ¥20 #数电实验的一些问题
  • ¥15 嵌入式Linux固件,能直接告诉我crc32校验的区域在哪不,内核的校验我已经找到了,uboot没有
  • ¥20 h3c静态路要求有详细过程
  • ¥15 调制识别中输入为时频图,星座图,眼图等
  • ¥15 数据结构C++的循环、随机数问题