session_start() 每次重新加载都会创建新会话 [英] session_start() creates new session every reload
问题描述
我以前读过这个:
如何修复 PHP 中的Headers already sent"错误
我有一个会话页面,当我刷新/重新加载它时,它会创建一个新的会话 ID!
I have a session page, when I refresh/reload it, it creates a new session id!
<?php
$islogin=0;
$idadmin=0;
session_start();
$sid=session_id();
include("connect.php");
$result=mysql_query("select * from session_noti where sid='$sid'",$cn);
if(mysql_num_rows($result) > 0){
$row=mysql_fetch_object($result);
$islogin=$row->islogin;
$idadmin=$row->idadmin;
}else{
if(mysql_query("insert into session_noti (sid,islogin) values ('$sid',0);")){
}else{
}
}
$user_cookie=@$_COOKIE["*****"];
if($user_cookie != ''){
$user_cookie_res=mysql_query("select * from session_noti where sid='$user_cookie'");
$user_cookie_row=mysql_fetch_object($user_cookie_res);
$islogin=$user_cookie_row->islogin;
$idadmin=$user_cookie_row->idadmin;
}
?>
连接页面:
<?php
$cn = mysql_connect("localhost","root","");
mysql_select_db("***");
?>
为什么?它在本地主机上运行良好,当我想将其上传到服务器时,就会发生这种情况.
why? It works fine on localhost, when I want to upload it on server,this scenario happens.
推荐答案
这段代码似乎设计得很糟糕.除了通常的PHP4 风格"错误(稍后会详细介绍),这对我来说没有任何意义.
This code seems designed very poorly. Except for the usual "PHP4-style" errors (more on that later), it doesn't really make sense to me.
- 如果您使用 PHP 的会话,为什么需要在数据库中复制会话表?您使用 session_start() 已经告诉 PHP 处理所有这些麻烦.
- 为什么要直接访问用户的 Cookie?
我建议您坚持设计并遵循它.
您想自己管理会话,包括传递会话 ID、处理 cookie 等吗?然后不要使用 PHP 的内置会话(但要小心:在这里编写有缺陷的代码的可能性非常高).
您想使用 PHP 的内置会话吗?然后坚持下去.
I recommend that you stick with a design and follow it.
Do you want to manage sessions yourself, including passing session ids, handling cookies, etc? Then don't PHP's builtin sessions (but be careful: the possibility to write flawed code here is really high).
Do you want to use PHP's builtin sessions? Then just stick with them.
如果您想附加到每个用户的详细信息,例如isAdmin",您可以使用会话变量:这就是它们的用途:)
If you want to attach to each users details like "isAdmin", you can use session variables: that's what they're made for :)
<?php
session_start();
if(empty($_SESSION)) {
// Redirect to login
}
else {
if(empty($_SESSION['logged_in'])) {
// Redirect to login
}
else {
// User is logged in
// Is admin?
if(!empty($_SESSION['is_admin'])) {
// YES
}
else {
// NO
}
}
}
?>
有大量关于使用 PHP 会话的指南和教程.例如:http://www.phpro.org/tutorials/Introduction-To-PHP-Sessions.html
There's plenty of guides and tutorials on using sessions with PHP. For example: http://www.phpro.org/tutorials/Introduction-To-PHP-Sessions.html
此外,请确保在 php.ini 中启用会话.我强烈建议使用cookie_only"会话:也就是说,永远不要让 PHP 将会话 ID 作为 GET 或 POST 参数传递.这将使那些禁用 cookie 的用户陷入困境(还有一些吗?),但将使所有其他用户免于成为会话劫持的轻松目标.
Additionally, make sure that in php.ini sessions are enabled. I strongly recommend to use "cookie_only" sessions: that is, never make PHP pass the session id as GET or POST parameter. That will screw those users with cookies disabled (are there still some?), but will save all the others from being easy targets for session hijacking.
这样说...关于您的PHP4 风格"代码:
Thus said... About your "PHP4-style" code:
- 不要使用
mysql_*函数.它们已被弃用.使用 MySQLi 或 PDO,并尽可能使用准备好的语句.例如,行mysql_query("select * from session_noti where sid='$user_cookie'");是 SQL 注入攻击的理想场所. - 不要使用
@运算符.这不好!相反,只需使用isset()或empty()检查变量是否存在.
- Don't use
mysql_*functions. They're deprecated. Use MySQLi or PDO, and use prepared statements when possible. For example, the linemysql_query("select * from session_noti where sid='$user_cookie'");is a perfect place for an SQL Injection attack. - Don't use the
@operator. It's bad! Instead, just check if the variable exists withisset()orempty().
这篇关于session_start() 每次重新加载都会创建新会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
