drl47263 2013-06-17 02:05
浏览 50
已采纳

会话变量未进入下一页

I've just begun using sessions and am having some headaches, I had this working last night, now opening it today...no longer works.

In my login processor I have the following if everything is OK. This script works fine, I have echoed the session variables to ensure that the array works, and it does.

$username - > post from login script
$encrypt_password -> created from password check further up the script      

        {

                    $session_name = 'LOGIN'; // Set a custom session name
                    $secure = false; // Set to true if using https.
                    $httponly = true; // This stops javascript being able to access the session id. 
                    $cookie_lifetime = '3600';
                    $cookie_path = '/';
                    $cookie_domain = '127.0.0.1';

                    session_set_cookie_params($cookie_lifetime, $cookie_path, $cookie_domain, $secure, $httponly); 
                    session_name($session_name); // Sets the session name to the one set above.

                    $group = $row['group_type'];

                    $user_browser = $_SERVER['HTTP_USER_AGENT']; /*grabs browser info*/

                    $user_id = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); /*XSS Protection*/
                    $group_id = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $group);   /*XSS Protection*/

                    session_start();
                    $_SESSION['user']=$user_id;
                    $_SESSION['group_name']=$group_id;
                    $_SESSION['login_string'] = hash('sha512', $user_browser.$encrypt_password);
                    session_write_close();

                    header("location:".$group_id."_index.php");                         
                }

I have created an include file which gathers the info from the session, included on every protected page, this is where it fell apart. I have created custom error codes for each if statement and have found that the if statement here fails. Echoing the session variables or evening printing the session array returns nothing.

 $session_name = 'LOGIN'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 
        $cookie_lifetime = '3600';
        $cookie_path = '/';
        $cookie_domain = '127.0.0.1';

        session_set_cookie_params($cookie_lifetime, $cookie_path, $cookie_domain, $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(false); // regenerated the session, delete the old one.     

    if(isset($_SESSION['user'],$_SESSION['group_name'], $_SESSION['login_string']))

I was changing around the way the user groups worked before this broke, however none of the variables make it through. I am learning from his tut by the way: create a secure login script in php and mysql

Also do I need to call the session parameters every time a user visits a protected page?

Thanks in advance for any pointers.

  • 写回答

2条回答 默认 最新

  • dtds8802 2013-06-17 02:11
    关注

    Try putting session_start(); on TOP of everything, most importantly before you're calling a session. You're calling session_name($session_name); before it even started.

    it=session

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 ETLCloud 处理json多层级问题
  • ¥15 matlab中使用gurobi时报错
  • ¥15 这个主板怎么能扩出一两个sata口
  • ¥15 不是,这到底错哪儿了😭
  • ¥15 2020长安杯与连接网探
  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂