会话在 php 中被覆盖 [英] Session is getting overwritten in php

问题描述

我遇到了一个问题，即我的会话被 php 中的其他登录用户覆盖.

I am facing a problem that my session is getting overwritten by other logged-in user in php.

当我们有大约 50 -100 个用户的合理负载时，会话开始变得混乱.例如，如果用户在一段时间后以 A 身份登录，他的会话切换到也已登录的用户 B.系统已经运行了一年多，这是我们第一次遇到问题.

when we have a reasonable load of about 50 -100 users sessions start getting mixed up. For instance if a user logins as A after a while his session switches to User B who is also logged in. The system has been in operation for over a year and this is the first time we are facing the problem.

服务器正在运行 Centos.

The server is running Centos.

我在任何地方都没有任何代码错误，但不知何故一个人的数据被其他人覆盖了.

I am not having any code error anywhere but somehow one's data getting overwritten with others.

请帮助我，因为我正在尝试解决此错误但未成功.

Please help me because I am trying to solve this error but not success.

是否有任何 php ini 设置会覆盖用户会话数据?要么服务器端是否有任何类似会话 ID 随机化不正确的问题?

Is there is any php ini setting which will overwrite user session data? or Is this anything on the server end like session id randomization is not proper ?

提前致谢.

推荐答案

我研究了这个问题，发现在 32 位文件中创建了一些 1 位 ID 的会话文件.例如.sess_1 和 sess_8 以及 sess_f1d9037025f544376ff0d44511ed3192.

I have studied the problem and found that a few session files with 1 bit id's are getting created amongst the 32 bit ones. eg. sess_1 and sess_8 along with sess_f1d9037025f544376ff0d44511ed3192.

我所看到的是，如果用户 A 处于空闲状态而用户 B 登录，那么用户 A 和用户 B 在他们的 cookie 中都有一个额外的 PHPSESSID，其中包含一个单比特会话 ID，如 sess_1.他们仍然保留他们的 32 位 PHPSESSID，但是，这些会从服务器中删除，因此两个用户默认使用相同的会话 ID，因此用户 A 现在获得用户 B 的会话和他的访问权限.

What i have seen is that if user A is lying idle and user B logs in, then Both user A and user B have an extra PHPSESSID in their cookie which contains one of the single bit session id's like sess_1. They still keep their 32 bit PHPSESSID's as well, however, these get deleted from the server, so both the users default to the same session id and therefore user A now gets user B's session and his access.

这篇关于会话在 php 中被覆盖的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！