I'm using PHP 4.3.9, Apache/2.0.52
我使用的是PHP 4.3.9,Apache / 2.0.52
I'm trying to get a login system working that registers DB values in a session where they're available once logged in. I'm losing the session variables once I'm redirected.
我正在尝试让登录系统工作,在会话中注册DB值,一旦登录就可以使用它。一旦我被重定向,我就会丢失会话变量。
I'm using the following code to print the session ID/values on my login form page and the redirected page:
我正在使用以下代码在我的登录表单页面和重定向页面上打印会话ID /值:
echo '<font color="red">session id:</font> ' . session_id() . '<br>';
echo '<font color="red">session first name:</font> ' . $_SESSION['first_name'] . '<br>';
echo '<font color="red">session user id:</font> ' . $_SESSION['user_id'] . '<br>';
echo '<font color="red">session user level:</font> ' . $_SESSION['user_level'] . '<br><br>';
This is what's printed in my browser from my login page (I just comment out the header redirect to the logged in page). This is the correct info coming from my DB as well, so all is fine at this point.
这是我的浏览器从我的登录页面打印的内容(我只是将标题重定向到登录页面)。这也是来自我的数据库的正确信息,所以此时一切都很好。
session id: 1ce7ca8e7102b6fa4cf5b61722aecfbc
session first name: elvis
session user id: 2
session user level: 1
This is what's printed on my redirected/logged in page (when I uncomment the header/redirect). Session ID is the same, but I get no values for the individual session variables.
这是我在重定向/登录页面上打印的内容(当我取消注释标题/重定向时)。会话ID是相同的,但我没有得到各个会话变量的值。
session id: 1ce7ca8e7102b6fa4cf5b61722aecfbc
session first name:
session user id:
session user level:
I get the following errors:
我收到以下错误:
Undefined index: first_name
Undefined index: user_id
Undefined index: user_level
未定义索引:first_name未定义索引:user_id未定义索引:user_level
I have a global header.php file which my loggedIN.php does NOT call, though loggedOUT.php does - to toast the session):
我有一个全局的header.php文件,我的loggedIN.php没有调用,虽然loginOUT.php确实 - 为会话祝酒):
header.php
<?php
ob_start();
session_start();
//if NOT on loggedout.php, check for cookie. if exists, they haven't explicity logged out so take user to loggedin.php
if (!strpos($_SERVER['PHP_SELF'], 'loggedout.php')) {
/*if (isset($_COOKIE['access'])) {
header('Location: www.mydomain.com/loggedin.php');
}*/
} else {
//if on loggedout.php delete cookie
//setcookie('access', '', time()-3600);
//destroy session
$_SESSION = array();
session_destroy();
setcookie(session_name(), '', time()-3600);
}
//defines constants and sets up custom error handler
require_once('config.php');
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
some page layout stuff
Login portion is eventually called via include
footer stuff
My loggedIN.php does nothing but start the session
我的loggedIN.php什么也没做,只是启动会话
<?php
session_start();
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
The logic of my login script, the key part being I'm fetching the DB results right into $_SESSION (about half way down):
我的登录脚本的逻辑,关键部分是我正在获取数据库结果直接进入$ _SESSION(大约一半):
if (isset($_POST['login'])) {
//access db
require_once(MYSQL);
//initialize an errors array for non-filled out form fields
$errors = array();
//setup $_POST aliases, clean for db and trim any whitespace
$email = mysql_real_escape_string(trim($_POST['email']), $dbc);
$pass = mysql_real_escape_string(trim($_POST['pass']), $dbc);
if (empty($email)) {
$errors[] = 'Please enter your e-mail address.';
}
if (empty($pass)) {
$errors[] = 'Please enter your password.';
}
//if all fields filled out and everything is OK
if (empty($errors)) {
//check db for a match
$query = "SELECT user_id, first_name, user_level
FROM the rest of my sql here, blah blah blah";
$result = @mysql_query($query, $dbc)
OR trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error($dbc));
if (@mysql_num_rows($result) == 1) { //a match was made, OK to login
//register the retrieved values into $_SESSION
$_SESSION = mysql_fetch_array($result);
mysql_free_result($result);
mysql_close($dbc);
/*
setcookie('access'); //if "remember me" not checked, session cookie, expires when browser closes
//in FF you must close the tab before quitting/relaunching, otherwise cookie persists
//"remember me" checked?
if(isset($_POST['remember'])){ //expire in 1 hour (3600 = 60 seconds * 60 minutes)
setcookie('access', md5(uniqid(rand())), time()+60); //EXPIRES IN ONE MINUTE FOR TESTING
}
*/
echo '<font color="red">cookie:</font> ' . print_r($_COOKIE) . '<br><br>';
echo '<font color="red">session id:</font> ' . session_id() . '<br>';
echo '<font color="red">session first name:</font> ' . $_SESSION['first_name'] . '<br>';
echo '<font color="red">session user id:</font> ' . $_SESSION['user_id'] . '<br>';
echo '<font color="red">session user level:</font> ' . $_SESSION['user_level'] . '<br><br>';
ob_end_clean();
session_write_close();
$url = BASE_URL . 'loggedin_test2.php';
header("Location: $url");
exit();
} else {
//wrong username/password combo
echo '<div id="errors"><span>Either the e-mail address or password entered is incorrect or you have not activated your account. Please try again.</span></div>';
}
//clear $_POST so the form isn't sticky
$_POST = array();
} else {
//report the errors
echo '<div id="errors"><span>The following error(s) occurred:</span>';
echo '<ul>';
foreach($errors as $error) {
echo "<li>$error</li>";
}
echo '</ul></div>';
}
} // end isset($_POST['login'])
if I comment out the header redirect on the login page, I can echo out the $_SESSION variables with the right info from the DB. Once redirected to the login page, however, they're gone/unset.
如果我在登录页面上注释掉标题重定向,我可以用数据库中的正确信息回显$ _SESSION变量。但是,一旦重定向到登录页面,它们就会被取消/取消设置。
Anyone have any ideas? I've spent nearly all day on this and can't say I'm any closer to figuring it out.
有人有主意吗?我几乎整天都花在这上面,并且不能说我更接近于弄清楚它。
BTW, I recently made 2 simple test pages, one started a session, set some variables on it, had a form submit which redirected to a second page which did nothing but read/output the session vars. It all seems to work fine, I'm just having issues with something I'm doing in my main app.
顺便说一句,我最近制作了两个简单的测试页面,一个开始一个会话,在其上设置一些变量,有一个表单提交,重定向到第二个页面,除了读取/输出会话变量之外什么也没做。这一切似乎工作正常,我只是在我的主应用程序中做的事情有问题。
4 个解决方案
#1
I don't see a session_start() in your login script. If you aren't starting the session I don't think php will save any data you place in the $_SESSION array. Also to be safe I'd explicitly place variables into the $_SESSION array instead of just overwriting the whole thing with $_SESSION = mysql_fetch_array($result);.
我没有在您的登录脚本中看到session_start()。如果你没有开始会话我不认为php会保存你放在$ _SESSION数组中的任何数据。同样为了安全起见,我明确地将变量放入$ _SESSION数组,而不是仅使用$ _SESSION = mysql_fetch_array($ result);覆盖整个事物。
#2
Try doing a
尝试做一个
session_regenerate_id(true);
before the
session_write_close();
Also. The best way IMO to do a login script is this:
也。 IMO执行登录脚本的最佳方式是:
Let the login logic be handled within the mainpage the user is trying to access.
让登录逻辑在用户尝试访问的主页中处理。
- If the user is not authenticated, he is thrown back to the login page
- If the user is authenticated, he gets an $_SESSION["auth"] or something
- Then when the user is browsing the main page or other pages that need auth, they just check if the $_SESSION["auth"] is set.
如果用户未经过身份验证,则会将其返回到登录页面
如果用户通过身份验证,则会获得$ _SESSION [“auth”]或其他内容
然后,当用户浏览主页面或需要身份验证的其他页面时,他们只检查是否设置了$ _SESSION [“auth”]。
Then you wont have the trouble of session not saving just before a redirect
然后你就不会遇到在重定向之前没有保存会话的麻烦
#3
...may I add to the other answers, that session_start() sometimes fails or weird stuff occurs if not placed at the very first beginning of the script. In your header script, try:
...我可以添加到其他答案中,session_start()有时会失败,或者如果没有放在脚本的第一个开头那么会发生奇怪的事情。在标题脚本中,尝试:
Instead of
<?php
ob_start();
session_start();
Put
<?php
session_start();
ob_start();
#4
I was having a similar problem when I discovered this:
当我发现这个时,我遇到了类似的问题:
http://www.w3schools.com/php/php_sessions.asp
You HAVE TO put the session_start(); before ANY html tags
你必须把session_start();在任何HTML标签之前
#1
I don't see a session_start() in your login script. If you aren't starting the session I don't think php will save any data you place in the $_SESSION array. Also to be safe I'd explicitly place variables into the $_SESSION array instead of just overwriting the whole thing with $_SESSION = mysql_fetch_array($result);.
我没有在您的登录脚本中看到session_start()。如果你没有开始会话我不认为php会保存你放在$ _SESSION数组中的任何数据。同样为了安全起见,我明确地将变量放入$ _SESSION数组,而不是仅使用$ _SESSION = mysql_fetch_array($ result);覆盖整个事物。
#2
Try doing a
尝试做一个
session_regenerate_id(true);
before the
session_write_close();
Also. The best way IMO to do a login script is this:
也。 IMO执行登录脚本的最佳方式是:
Let the login logic be handled within the mainpage the user is trying to access.
让登录逻辑在用户尝试访问的主页中处理。
- If the user is not authenticated, he is thrown back to the login page
- If the user is authenticated, he gets an $_SESSION["auth"] or something
- Then when the user is browsing the main page or other pages that need auth, they just check if the $_SESSION["auth"] is set.
如果用户未经过身份验证,则会将其返回到登录页面
如果用户通过身份验证,则会获得$ _SESSION [“auth”]或其他内容
然后,当用户浏览主页面或需要身份验证的其他页面时,他们只检查是否设置了$ _SESSION [“auth”]。
Then you wont have the trouble of session not saving just before a redirect
然后你就不会遇到在重定向之前没有保存会话的麻烦
#3
...may I add to the other answers, that session_start() sometimes fails or weird stuff occurs if not placed at the very first beginning of the script. In your header script, try:
...我可以添加到其他答案中,session_start()有时会失败,或者如果没有放在脚本的第一个开头那么会发生奇怪的事情。在标题脚本中,尝试:
Instead of
<?php
ob_start();
session_start();
Put
<?php
session_start();
ob_start();
#4
I was having a similar problem when I discovered this:
当我发现这个时,我遇到了类似的问题:
http://www.w3schools.com/php/php_sessions.asp
You HAVE TO put the session_start(); before ANY html tags
你必须把session_start();在任何HTML标签之前