PHP $-SESSION 变量在新页面上消失并返回空 [英] PHP $-SESSION variables disappear on new page and return empty
问题描述
我遇到了会话变量的问题.自从我从 mysqli 切换到 PDO.它在 mysqli 上运行良好,但自从我切换到 PDO 后,这个问题就出现了.
我正在尝试登录,我有一个区域,我想确保用户只能看到,如果用户已登录.登录工作正常,但一旦我被引用到我的索引文件,由于登录的功能,我什么也没看到.我可以看到 $_SESSION 变量被填满,但是一旦我重定向到另一个文件,$_SESSION 变量就会消失,我得到一个空数组:
数组()process_login.php
require_once('../inc/user.inc.php');//这里有我所有的功能$user = 新用户();//我的用户类的新实例$用户 ->sec_session();//自制会话函数.我在这个函数中使用 start_session()if (isset($_POST['email'], $_POST['p'])) {$email = filter_var($_POST['email'], FILTER_SANITIZE_STRING);$password = filter_var ($_POST['p'], FILTER_SANITIZE_STRING);$login = $user ->login_user($email, $password);如果($登录){//登录成功//print("<pre>".print_r($_SESSION,true)."</pre>");//在这里我打印了我的 $_SESSION 变量并且它可以工作.我看到它被填满了.header('位置:../index.php');出口();}index.php
<?php$title = '索引';$currentPage = '仪表板';include('php/head.php');require_once('../inc/user.inc.php');$user = 新用户();$用户 ->sec_session();//这里我再次调用我的会话函数.注意: session_start() 包含在这个函数中print("".print_r($_SESSION,true)."</pre>");//现在数组是空的?!??>
user.inc.php - sec_session 函数
受保护的函数 sec_session() {$session_name = 'sec_session_id';$安全=安全;$httponly = true;if (ini_set('session.use_only_cookies', 1) === FALSE) {header("位置:../error.php?err=无法启动安全会话(ini_set)");出口();}$cookieParams = session_get_cookie_params();session_set_cookie_params($cookieParams["lifetime"],$cookieParams["路径"],$cookieParams["域"],$安全,$httponly);会话名称($会话名称);session_start();session_regenerate_id();}登录时,我在登录功能中将会话设置为以下内容:
if ($db_password == $password) {$user_browser = $_SERVER['HTTP_USER_AGENT'];$user_id = preg_replace("/[^0-9]+/", "", $user_id);$_SESSION['user_id'] = $user_id;$username = preg_replace("/[^a-zA-Z0-9_\-]+/","",$用户名);$_SESSION['username'] = $username;$_SESSION['login_string'] = hash('sha512',$密码.$user_browser);返回真;}上面的这一切正常,但只会消失,当我登陆我的 index.php 并且我知道有一些磨损的东西,但我不知道它是什么.
您是使用 http 还是 https 访问本地站点?如果您使用的是安全 cookie,PHP 不会在 http 下读取它们,而是使用新 cookie 启动新会话,切换到 https 可以解决此问题.
从您的 sec_session 函数看来您正在使用安全 cookie ($secure = SECURE;) 那么您的浏览器会话是否使用 HTTPS?如果您使用带有安全 cookie 的 HTTP,您将在每个页面上启动一个新会话,并且无法访问现有会话变量.
最好的解决方案是使用 https 访问您的本地站点,就像您访问实时站点一样,但如果您关闭本地站点的安全 cookie 设置,它也将起作用.
I'm having an issue with the Sessions Variables. Ever since i switched from mysqli to PDO. It worked fine with mysqli, but ever since i switched to PDO, this issue has now come forward.
I'm trying to login and i have an area, where i want to make sure that the user can only see, if the user is logged in. The login works fine, but as soon as i get referred to my index file, i don't see anything, because of the logged in function. I can see the $_SESSION Variable gets filled, but as soon as i redirect to another file, the $_SESSION Variables disappear and i get an empty Array:
Array
(
)
process_login.php
require_once('../inc/user.inc.php'); // here i have all my functions
$user = new User(); // New Instance of my User Class
$user -> sec_session(); // selfmade session function. I use start_session() in this function
if (isset($_POST['email'], $_POST['p'])) {
$email = filter_var($_POST['email'], FILTER_SANITIZE_STRING);
$password = filter_var ($_POST['p'], FILTER_SANITIZE_STRING);
$login = $user -> login_user($email, $password);
if ($login) {
// Login sucessful
//print("<pre>".print_r($_SESSION,true)."</pre>"); //Here i get my $_SESSION variable printed out and it works. I see it is filled.
header('Location: ../index.php');
exit();
}
index.php
<?php
$title = 'Index';
$currentPage = 'Dashboard';
include('php/head.php');
require_once('../inc/user.inc.php');
$user = new User();
$user -> sec_session(); // here i call my session function again. Note: session_start() is included in this function
print("<pre>".print_r($_SESSION,true)."</pre>"); //Now The Array is empty?!?
?>
user.inc.php - sec_session function
protected function sec_session() {
$session_name = 'sec_session_id';
$secure = SECURE;
$httponly = true;
if (ini_set('session.use_only_cookies', 1) === FALSE) {
header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
exit();
}
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"],
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly);
session_name($session_name);
session_start();
session_regenerate_id();
}
Whilst logging in, i set the Session to the following in my login function:
if ($db_password == $password) {
$user_browser = $_SERVER['HTTP_USER_AGENT'];
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$_SESSION['user_id'] = $user_id;
$username = preg_replace("/[^a-zA-Z0-9_\-]+/",
"",
$username);
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('sha512',
$password . $user_browser);
return true;
}
This above works all fine, but only disappears, when i land in my index.php and i know there is something worng, but i have no idea what it is.
Are you using http or https to access your local site? If you are using secure cookies PHP won't read them under http instead it starts a new session with a new cookie, switching to https solves this problem.
It looks from your sec_session function that you are using secure cookies ($secure = SECURE;) so is your browser session using HTTPS? If you are using HTTP with secure cookies you will start a new session on each page and won't have access to existing session variables.
The best solution is to access your local site with https just like you would for your live site but if you switch off the secure cookie setting for your local site that will work too.
这篇关于PHP $-SESSION 变量在新页面上消失并返回空的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
