In PHP, why are my session variables persisted as references?

Problem description

Here's the code. It's a simple operation to check that a session ID isn't being spoofed by verifying the IP address:

session_start();
$session_ip_address = $_SERVER['REMOTE_ADDR'];
if((!isset($_SESSION['SESSION_IP_ADDRESS'])) || !$_SESSION['SESSION_IP_ADDRESS']) {
    $_SESSION['SESSION_IP_ADDRESS'] = $session_ip_address;
}


if($_SESSION['SESSION_IP_ADDRESS'] != $_SERVER['REMOTE_ADDR']) {
    session_destroy();
    $_SESSION['security_error'] = true;
}

If I insert var_dump($_SESSION) right after session_start() and again at the end of the script, then the very first time I run the code (without a session cookie set) I see that at first the array is empty, then it has my IP address assigned to the key 'SESSION_IP_ADDRESS'. So far, so good. But when I run the code again, now it shows that 'SESSION_IP_ADDRESS' is stored as a reference immediately after the session starts (I can tell by the ampersand prepended to the string). When I run it a third time, I see that 'SESSION_IP_ADDRESS' is now a null reference ('SESSION_IP_ADDRESS' => &null) immediately after the session starts. What is going on?!

To reiterate, this is the output the first time:

array(0) {
}
array(1) {
  ["SESSION_IP_ADDRESS"]=>
  string(11) "xx.xx.xxx.x"
} 

This is the output the second time:

array(1) {
  ["SESSION_IP_ADDRESS"]=>
  &string(11) "xx.xx.xxx.x"
}
array(1) {
  ["SESSION_IP_ADDRESS"]=>
  &string(11) "xx.xx.xxx.x"
}

And the third time and every time from then on:

array(1) {
  ["SESSION_IP_ADDRESS"]=>
  &NULL
}
array(1) {
  ["SESSION_IP_ADDRESS"]=>
  &string(11) "xx.xx.xxx.x"
}

Recommended answer

One of my customers had a very similar problem.

Make sure your PHP configuration (PHP.ini) has register_globals Off, otherwise regular variables overwrite superglobals, including PHP sessions.
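
The configuration check from the answer, combined with the IP-binding check from the question, as an added example that is not part of the original post; with register_globals on, PHP makes each $_SESSION entry reference the global variable of the same name, which is why var_dump prints the ampersand. The function names register_globals_enabled(), check_session_ip() and enforce_session_ip() are hypothetical, and the addresses in the demo are constructed.

```php
<?php
// Added example; function names are hypothetical, sample IPs are constructed.
// register_globals is gone since PHP 5.4; ini_get() returns false for it there.
function register_globals_enabled()
{
    $v = ini_get('register_globals');
    return $v !== false && in_array(strtolower((string) $v), array('1', 'on', 'true', 'yes'), true);
}

// Pure decision step; 'corrupt' covers the &NULL symptom (key set, no address).
function check_session_ip(array &$session, $remote_addr)
{
    if (!array_key_exists('SESSION_IP_ADDRESS', $session)) {
        $session['SESSION_IP_ADDRESS'] = $remote_addr; // first request: bind
        return 'bound';
    }
    $stored = $session['SESSION_IP_ADDRESS'];
    if (!is_string($stored) || $stored === '') {
        return 'corrupt';
    }
    return $stored === $remote_addr ? 'ok' : 'mismatch';
}

function enforce_session_ip()
{
    if (register_globals_enabled()) {
        trigger_error('register_globals is On: session keys alias globals', E_USER_WARNING);
    }
    session_start();
    $addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $state = check_session_ip($_SESSION, $addr);
    if ($state === 'mismatch' || $state === 'corrupt') {
        $_SESSION = array();
        session_destroy();
        session_start();             // new session so the flag is persisted
        session_regenerate_id(true); // do not keep the old session ID
        $_SESSION['security_error'] = true;
    }
    return $state;
}

if (PHP_SAPI === 'cli') { // offline demo on constructed data
    $s = array();
    foreach (array('203.0.113.7', '203.0.113.7', '198.51.100.9') as $ip) {
        echo $ip, ' => ', check_session_ip($s, $ip), "\n";
    }
    $s['SESSION_IP_ADDRESS'] = null; // the &NULL state from the question
    echo 'null => ', check_session_ip($s, '203.0.113.7'), "\n";
}
```

In a web request, call enforce_session_ip() before any output is sent; the CLI branch only exercises the decision function and never starts a session.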
