自动登录后,不会保存$ _SESSION变量 [英] $_SESSION variables don't get saved when automatically logged in
问题描述
我有一个与数据库通信的iPhone应用程序,该数据库包含诸如用户数据(即用户名,电子邮件,密码)之类的内容,为此我创建了一个PHP API,并在iPhone应用程序中连接至该API.我的问题是:我将用户ID保存在 $ _ SESSION
中,以便以后在需要时还原它;当我手动登录时, $ _ SESSION
变量很容易保存,我可以调用我想在需要时使用它们,但是当应用程序自动登录时(显然是在第一次登录后,用户名和密码存储在iPhone钥匙串中), $ _ SESSION
变量没有保存,我注意到它们只有在我注销后才被存储和调用,没有问题,这转换为 session_destroy();
之后,这是我用于登录和注销的php代码
I have an iPhone application that communicates with a database which includes things like users data (i.e. username, email, password), I created a PHP API for that and I connect to that API in the iPhone app. My problem here is: I save the user id in $_SESSION
to restore it later when needed, when I manually log in, $_SESSION
variables get saved easily and I can call them whenever I want, but when the app automatically logs in (which is obviously after the first log in where username and password get store in the iPhone keychain), $_SESSION
variables doesn't get saved, I noticed that they only get stored and called with no problems after I log out which translates to after session_destroy();
, here's the php code I use for logging in and out
session_start();
function login($user, $pass) {
$result = query("SELECT IdUser, username FROM login WHERE username='%s' AND pass='%s' limit 1", $user, $pass);
if (count($result['result'])>0) {
$_SESSION['IdUser'] = $result['result'][0]['IdUser'];
print json_encode($result);
} else {
errorJson('Authorization failed');
}
}
function logout() {
$_SESSION = array();
session_destroy();
}
我尝试在登录方法的开头添加 session_destroy();
,但是没有用.
I tried to add session_destroy();
at the start of login method, but it didn't work.
顺便说一句,我也可以将 IdUser
保存在 NSUserDefaults
或iPhone钥匙串中,并在需要时将其发送到服务器.是否安全/在应用程序端而不是服务器端执行此类操作是正确的吗?
By the way, I can alternatively save IdUser
in NSUserDefaults
or iPhone keychain and send it to the server when needed. Is it safe/not wrong to do such things on the app side rather than the server side?
推荐答案
尝试这样的注销功能
function logout(){
function logout() {
session_start();
session_destroy();
}
-
调用注销函数时,它不会调用session_start(),因此无法获取会话变量.应在编辑之前先获取它.
When you call the logout function,it doesn't call the session_start(),so you can't get the the session variables.You should get it before you will edit it.
详细信息: php.net session_destory()
这篇关于自动登录后,不会保存$ _SESSION变量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!