PHP session_regenerate_id和Blackberry浏览器 [英] PHP session_regenerate_id and Blackberry browser
问题描述
问候,
我正在使用登录系统,并且无法使用Blackberry浏览器进行身份验证.似乎他们对PHP的session_regenerate_id()有问题,有人可以建议替代方法吗?这是auth和登录脚本:
I am working on a login system and getting stuck with Blackberry browsers authenticating. It seems they have an issue with PHP's session_regenerate_id(), can someone suggest an alternative? Here are the auth and login scripts:
更新
似乎一般而言,会话均无法正常工作.拿出session_regenerate_id()只是看它是否可以工作,并且每次都会重定向我,就像$_SESSION['MD_SESS_ID']是空白的一样.真的卡在这里,任何想法将不胜感激.使用Blackberry Bold 9650在设备上启用了Cookie.它可以在iPod Touch和PC上的每个浏览器上运行.
UPDATE
It would appear that sessions in general are not working. Took out session_regenerate_id() just to see if it would work and it just redirects me every time, as though the $_SESSION['MD_SESS_ID']were blank. Really stuck here, any ideas would be appreciated. Cookies on the device are enabled, using a Blackberry Bold 9650. It works on my iPod Touch and every browser on my PC.
登录
<?php
session_start();
include $_SERVER['DOCUMENT_ROOT'] . '/includes/pdo_conn.inc.php';
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return $str;
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
if ($username != "" && $password != "") {
$getUser = $db->prepare("SELECT id, username, password, salt FROM uc_dev WHERE username = ? LIMIT 1");
$getUser->execute(array($username));
$userDetails = $getUser->fetch();
$dbPW = $userDetails['password'];
$dbSalt = $userDetails['salt'];
$hashedPassword = hash('sha512', $dbSalt . $password);
if ($hashedPassword == $dbPW) {
//Login Successful
session_regenerate_id();
$_SESSION['MD_SESS_ID'] = $userDetails['id'];
header('Location: http://somewhere.com');
session_write_close();
} else {
header('Location: http://www.somewhere.com');
exit();
}
} else {
header('Location: http://somewhere.com');
exit();
}
?>
身份验证
<?php
//Start the session
session_start();
//Verify that MEMBER ID session is present
if(!isset($_SESSION['MD_SESS_ID']) || (trim($_SESSION['MD_SESS_ID']) == '')) {
$_SESSION = array();
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
header("Location: http://somewhere.com");
exit();
}
?>
推荐答案
前一段时间,我正在做一些Blackberry开发,结果发现浏览器无法处理多个同名的cookie.不确定他们是否已解决此问题.
A while ago, I was doing some Blackberry development, and found out that the browser couldn't handle multiple cookies with the same name. Not sure if they've fixed this yet.
因此,如果您多次发送Set-Cookie标头(使用setcookie,session_start或session_regenerate_id),并且每次都使用相同的名称,则可能会导致问题.
So if you're sending out the Set-Cookie header more than once (using setcookie, session_start, or session_regenerate_id), using the same name each time, this could be causing your problem.
您可能希望在对象或数组中跟踪需要输出的Cookie,并仅在请求结束时将其发送到浏览器.这样,如果您需要在请求的中间更改它们的值,则可以覆盖数组的值,而不必发送另一个Cookie标头.
You might want to keep track of the cookies you need to output, in an object or array, and only send them to the browser at the very end of the request. This way, if you need to change their values in the middle of the request, you can just overwrite the array's value, rather than sending out another cookie header.
此页面可能也有帮助-有人从PHP的session_regenerate_id页链接到它.
This page may also help -- someone linked to it from PHP's session_regenerate_id page.
这篇关于PHP session_regenerate_id和Blackberry浏览器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
