In PHP, why are my session variables persisted as references?
Problem description
Here's the code. It's a simple operation to check that a session ID isn't being spoofed by verifying the IP address:
session_start();
$session_ip_address = $_SERVER['REMOTE_ADDR'];
if((!isset($_SESSION['SESSION_IP_ADDRESS'])) || !$_SESSION['SESSION_IP_ADDRESS']) {
    $_SESSION['SESSION_IP_ADDRESS'] = $session_ip_address;
}
if($_SESSION['SESSION_IP_ADDRESS'] != $_SERVER['REMOTE_ADDR']) {
    session_destroy();
    $_SESSION['security_error'] = true;
}
If I insert var_dump($_SESSION) right after session_start() and again at the end of the script, then the very first time I run the code (without a session cookie set) I see that at first the array is empty, then it has my IP address assigned to the key 'SESSION_IP_ADDRESS'. So far, so good. But when I run the code again, now it shows that 'SESSION_IP_ADDRESS' is stored as a reference immediately after the session starts (I can tell by the ampersand prepended to the string). When I run it a third time, I see that 'SESSION_IP_ADDRESS' is now a null reference ('SESSION_IP_ADDRESS' => &null) immediately after the session starts. What is going on?!
To reiterate, this is the output the first time:
array(0) {
}
array(1) {
["SESSION_IP_ADDRESS"]=>
string(11) "xx.xx.xxx.x"
}
This is the output the second time:
array(1) {
["SESSION_IP_ADDRESS"]=>
&string(11) "xx.xx.xxx.x"
}
array(1) {
["SESSION_IP_ADDRESS"]=>
&string(11) "xx.xx.xxx.x"
}
And the third time and every time from then on:
array(1) {
["SESSION_IP_ADDRESS"]=>
&NULL
}
array(1) {
["SESSION_IP_ADDRESS"]=>
&string(11) "xx.xx.xxx.x"
}
Recommended answer
One of my customers had a very similar problem.
Make sure your PHP configuration (PHP.ini) has register_globals Off, otherwise regular variables overwrite superglobals, including PHP sessions.
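A startup guard for the setting named in the answer, combined with the question's IP check, as an added example that is not part of the original question or answer. The function names and the 203.0.113.7 fallback address are assumptions made for illustration; the syntax is kept compatible with PHP 5.x because register_globals was removed in PHP 5.4.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.

// True when register_globals is active. ini_get() returns false for an
// unknown directive, which is the case on PHP >= 5.4.
function register_globals_enabled()
{
    $value = ini_get('register_globals');
    return $value !== false
        && in_array(strtolower($value), array('1', 'on', 'yes', 'true'), true);
}

// Bind the session to the first address seen; return false on a mismatch.
function session_ip_matches($remoteAddr)
{
    if (empty($_SESSION['SESSION_IP_ADDRESS'])) {
        $_SESSION['SESSION_IP_ADDRESS'] = $remoteAddr;
        return true;
    }
    return $_SESSION['SESSION_IP_ADDRESS'] === $remoteAddr;
}

if (register_globals_enabled()) {
    // With the setting on, PHP links global variables and $_SESSION
    // entries of the same name, so refuse to run at all.
    exit("register_globals must be Off\n");
}

// Constructed fallback (TEST-NET-3) so the script also runs from the CLI,
// where REMOTE_ADDR is not set.
$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '203.0.113.7';

session_start();
if (!session_ip_matches($remoteAddr)) {
    // Data written to $_SESSION after session_destroy() is not saved,
    // so the mismatch is reported through the response instead.
    $_SESSION = array();
    session_destroy();
    header('HTTP/1.1 403 Forbidden');
    exit("Session address mismatch\n");
}

var_dump($_SESSION);
```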