php $_SESSION变量随机消失并重新出现 [英] php $_SESSION variables disappear and reappear randomly
问题描述
前言:这是我之前的一个问题,他的回答最终没有解决我的问题.但是通过尝试所有建议并尝试其他东西,我发现真正的问题是别的东西,所以我在这里改写我的问题
Preface: this is a "development" from an earlier question of mine, whose answers didn't solve my problem in the end. But through trying all the suggestions and also trying other stuff, I discovered that the real problem is something else, so I rephrase my question here
我有一个登录页面/系统,多年来一直正常工作,让用户保持登录状态,直到他/她关闭浏览器窗口或手动注销.但最近,仅在几分钟不活动后,会话 cookie/s 似乎就过期了,导致用户自动注销.
I have a login page/system which has worked correctly for years, leaving the user logged in until he/she either closes the browser window or logs out manually. But lately after only a few minutes of inactivity the session cookie/s seemed to expire, causing the user to be logged out automatically.
在不同的浏览器和不同的操作系统上都会出现这种情况,PHP版本是5.6.29,最近有改动(之前是5.5甚至是5.3).
This happens on different browsers and different operating systems, the PHP version is 5.6.29, which has been changed recently (before it was 5.5 and even 5.3).
我使用 session_start() 在每个页面上创建和刷新会话.登录脚本首先检查用户名和密码,并从数据库中获取一些其他用户数据.这些其他数据和成功登录状态保存在会话变量中,如
I create and refresh the session on every page with session_start(). The login script first checks user name and PW and also gets some other user data from the database. These other data and the successful login state are saved in session variables like
$_SESSION['username'] = $name;
$_SESSION['usertype'] = $type;
$_SESSION['login'] = "ok";
在其他页面上,我像这样检查登录状态:
On the other pages I check the login state like this:
session_start();
if(($_SESSION['login'] != "ok") OR ($_SESSION['usertype'] != "xxx")) {
header("Location: ../login.php"); /* redirects to login page if conditions are not true */
exit;
}
登录有效,登录用户可以继续访问其他页面一段时间,但一段时间后(变化很大),他/她似乎退出(即重定向到尝试打开另一个页面时的登录页面).
The login works, and logged-in users can proceed to other pages for some time, but after some time (varying strongly), he/she seems to be logged out (i.e. redirected to the login page when trying to open another page).
然后我注意到(在开发人员工具中)会话 ID cookie 在会话似乎已经过期后保持相同的值(我原以为,因为会话变量消失了).但是会话并没有过期,只是会话变量消失了.在我的测试中,我尝试在某些页面上回显其中的一些变量,但我无意中发现,在它们已经消失(没有回显输出)后,几分钟后,当我重新加载页面或已切换到另一个页面.
Then I noticed (in the developer tools) that the session ID cookie kept the same value after the session seemed to have expired (which I had thought, since the session variables were gone). But the session didn't expire, only the session variables had disappeared. In my tests I tried echoing some of those variables on some pages, and rather by accident I discovered that after they already had disappeared (no echo output) they reappeared after a few minutes when I reloaded the page or changed to another page.
现在这就是我目前遇到的问题:这怎么会发生,尤其是:我可以做些什么来防止这些变量玩捉迷藏?
Now that's where I am stuck at the moment: How can this happen, and especially: What can I do to prevent those variables from playing hide-and-seek?
(顺便说一句,我无权访问服务器设置 - 这是在共享网络空间上...)
(BTW, I don't have access to the server settings - this is on a shared webspace...)
推荐答案
对于任何有兴趣的人:
显然@Crouching Kitten 是对的 - 提供商的架构在负载均衡器或类似的东西后面有多台机器,我对此无能为力.
Obviously @Crouching Kitten was right - the provider has an architecture with multiple machines behind a load balancer or something similar, and there is nothing I can do about this.
所以我接受了他的建议,现在将之前作为会话变量的所有内容(连同会话 ID)保存在我在该网站每个页面开头访问的数据库中.我还在那里保存了一个时间戳,它会随着每个包含相同会话 ID 的新查询而更新,因此我可以设置一个 cronjob,每半小时删除过时的数据(超过 90 分钟 - 但该间隔可以是任何时间).
So I took his advice and now save everything that had been session varibles before (together with the session id) in a database which I access at the beginning of each page of that website. I also save a timestamp in there, which gets updated with every new query containing the same session ID, so I could set up a cronjob that erases outdated data (older than 90 minutes - but that interval can be anything) every half hour.
这篇关于php $_SESSION变量随机消失并重新出现的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
