PHP会话变量未继承到我的登录页面，但会话ID为 [英] PHP session variables not carrying over to my logged in page, but session ID is

问题描述

我正在使用 PHP 4.3.9，Apache/2.0.52

我试图使登录系统正常工作，以便在登录后可以在会话中注册数据库值的情况下.重定向后，我丢失了会话变量.

I'm trying to get a login system working that registers DB values in a session where they're available once logged in. I'm losing the session variables once I'm redirected.

我正在使用以下代码在我的登录表单页面和重定向页面上打印会话ID/值:

I'm using the following code to print the session ID/values on my login form page and the redirected page:

echo '<font color="red">session id:</font> ' . session_id() . '<br>';
echo '<font color="red">session first name:</font> ' . $_SESSION['first_name'] . '<br>';
echo '<font color="red">session user id:</font> ' . $_SESSION['user_id'] . '<br>';
echo '<font color="red">session user level:</font> ' . $_SESSION['user_level'] . '<br><br>';

这是我的登录页面在浏览器中显示的内容(我只是注释掉标题重定向到登录页面). 这也是来自我的数据库的正确信息，因此目前一切正常.

This is what's printed in my browser from my login page (I just comment out the header redirect to the logged in page). This is the correct info coming from my DB as well, so all is fine at this point.

session id: 1ce7ca8e7102b6fa4cf5b61722aecfbc
session first name: elvis
session user id: 2
session user level: 1

这是我的重定向/登录页面上打印的内容(当我取消注释标题/重定向时). 会话ID相同，但单个会话变量没有任何值.

This is what's printed on my redirected/logged in page (when I uncomment the header/redirect). Session ID is the same, but I get no values for the individual session variables.

session id: 1ce7ca8e7102b6fa4cf5b61722aecfbc
session first name:
session user id:
session user level:

我收到以下错误:

未定义索引:first_name
未定义的索引:user_id
未定义的索引:user_level

Undefined index: first_name
Undefined index: user_id
Undefined index: user_level

我有一个全局的 header.php 文件，尽管loggingOUT.php可以调用我的loggingIN.php，但不会调用它-敬酒会议):

I have a global header.php file which my loggedIN.php does NOT call, though loggedOUT.php does - to toast the session):

header.php

<?php
ob_start();
session_start();

//if NOT on loggedout.php, check for cookie. if exists, they haven't explicity logged out so take user to loggedin.php
if (!strpos($_SERVER['PHP_SELF'], 'loggedout.php')) {
    /*if (isset($_COOKIE['access'])) {
        header('Location: www.mydomain.com/loggedin.php');
    }*/
} else {
    //if on loggedout.php delete cookie
    //setcookie('access', '', time()-3600);

    //destroy session
    $_SESSION = array();
    session_destroy();
    setcookie(session_name(), '', time()-3600);
}

//defines constants and sets up custom error handler
require_once('config.php');

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

some page layout stuff

Login portion is eventually called via include

footer stuff

我的 loggedIN.php 除了开始会话外什么也没做

My loggedIN.php does nothing but start the session

<?php
session_start();
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

我的登录脚本的逻辑，关键部分是我正在将数据库结果直接提取到$ _SESSION中(大约一半):

The logic of my login script, the key part being I'm fetching the DB results right into $_SESSION (about half way down):

if (isset($_POST['login'])) {
        //access db
        require_once(MYSQL);

        //initialize an errors array for non-filled out form fields
        $errors = array();

        //setup $_POST aliases, clean for db and trim any whitespace
        $email  = mysql_real_escape_string(trim($_POST['email']), $dbc);
        $pass   = mysql_real_escape_string(trim($_POST['pass']), $dbc);

        if (empty($email)) {
            $errors[] = 'Please enter your e-mail address.';
        }

        if (empty($pass)) {
            $errors[] = 'Please enter your password.';
        }

        //if all fields filled out and everything is OK
        if (empty($errors)) {
            //check db for a match
            $query = "SELECT user_id, first_name, user_level 
                    FROM the rest of my sql here, blah blah blah";

            $result = @mysql_query($query, $dbc) 
                OR trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error($dbc));

            if (@mysql_num_rows($result) == 1) { //a match was made, OK to login

                //register the retrieved values into $_SESSION
                $_SESSION = mysql_fetch_array($result);
                mysql_free_result($result);
                mysql_close($dbc);
                /*              
                setcookie('access'); //if "remember me" not checked, session cookie, expires when browser closes
                                     //in FF you must close the tab before quitting/relaunching, otherwise cookie persists

                //"remember me" checked?
                if(isset($_POST['remember'])){ //expire in 1 hour (3600 = 60 seconds * 60 minutes)
                    setcookie('access', md5(uniqid(rand())), time()+60); //EXPIRES IN ONE MINUTE FOR TESTING
                }
                */

echo '<font color="red">cookie:</font> ' . print_r($_COOKIE) . '<br><br>';
echo '<font color="red">session id:</font> ' . session_id() . '<br>';
echo '<font color="red">session first name:</font> ' . $_SESSION['first_name'] . '<br>';
echo '<font color="red">session user id:</font> ' . $_SESSION['user_id'] . '<br>';
echo '<font color="red">session user level:</font> ' . $_SESSION['user_level'] . '<br><br>';

                ob_end_clean();
                session_write_close();

                $url = BASE_URL . 'loggedin_test2.php';
                header("Location: $url");
                exit();
            } else {
            //wrong username/password combo
            echo '<div id="errors"><span>Either the e-mail address or password entered is incorrect or you have not activated your account. Please try again.</span></div>';
            }

            //clear $_POST so the form isn't sticky
            $_POST = array();
        } else { 
        //report the errors
        echo '<div id="errors"><span>The following error(s) occurred:</span>';

            echo '<ul>';
            foreach($errors as $error) {
                echo "<li>$error</li>";
            }
            echo '</ul></div>';
        }

    } // end isset($_POST['login'])

如果我在登录页面上注释掉标题重定向，则可以从数据库中回显带有正确信息的$ _SESSION变量.但是，一旦重定向到登录页面，它们就消失了/未设置.

有人有什么想法吗?我花了整整一整天的时间，不能说我更接近于解决这个问题.

Anyone have any ideas? I've spent nearly all day on this and can't say I'm any closer to figuring it out.

顺便说一句，我最近做了2个简单的测试页，一个开始了一个会话，在其中设置了一些变量，有一个表单提交，重定向到第二个页面，该页面除了读取/输出会话变量外什么也不做.似乎一切正常，我只是在主应用程序中遇到问题.

BTW, I recently made 2 simple test pages, one started a session, set some variables on it, had a form submit which redirected to a second page which did nothing but read/output the session vars. It all seems to work fine, I'm just having issues with something I'm doing in my main app.

推荐答案

我在您的登录脚本中看不到session_start().如果您不开始会话，我认为php不会保存您放置在$_SESSION数组中的任何数据.为了安全起见，我将变量明确地放置到$_SESSION数组中，而不是仅用$_SESSION = mysql_fetch_array($result);覆盖整个内容.

I don't see a session_start() in your login script. If you aren't starting the session I don't think php will save any data you place in the $_SESSION array. Also to be safe I'd explicitly place variables into the $_SESSION array instead of just overwriting the whole thing with $_SESSION = mysql_fetch_array($result);.

这篇关于PHP会话变量未继承到我的登录页面，但会话ID为的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！