regenerate_session_id销毁会话信息
[英]regenerate_session_id destroying session information
问题描述
I have an application that needs to create a new session id at specific times. 
我有一个需要在特定时间创建新会话ID的应用程序。 Right now, this is causing the user to log out because $_SESSION ends up being empty. 现在,这导致用户注销,因为$ _SESSION最终为空。
It is my understanding that regenerate_session_id() should preserve the session information and just change the session id (meaning that $_SESSION['someVar'] would be available on subsequent requests. 据我了解,regenerate_session_id()应该保留会话信息,而只是更改会话ID(这意味着$ _SESSION ['someVar']将在后续请求中可用。
What I'm finding is that $_SESSION is empty on subsequent requests. 我发现,$ _ SESSION在后续请求中为空。
I've tried copying the data: 我尝试复制数据:
$session = $_SESSION;
session_regenerate_id();
$_SESSION = $session;
but that didn't help. 但这没有帮助。 If I comment out session_regenerate_id(); 如果我注释掉session_regenerate_id(); subsequent pages load properly (the $_SESSION array is populated and the user stays logged in). 随后的页面正确加载(填充$ _SESSION数组,并且用户保持登录状态)。
I have a dev environment that I just set up recently running a newer version of PHP (5.5) and this code is functioning as I would expect it to. 我有一个开发环境,我最近刚刚运行了一个较新版本的PHP(5.5),并且该代码可以正常运行。 I'm not aware of any other differences. 我不知道其他任何区别。
What am I missing? 我想念什么? Thanks in advance. 提前致谢。
2 个解决方案
解决方案1
0 2013-11-17 02:27:01
session_start();
$_SESSION['name'] = "mike";
session_regenerate_id();
echo $_SESSION['name'];
outputs 'mike' 输出'mike'
解决方案2
0 2013-11-17 02:40:27
I did a little test on my server and it seems to be working fine. 我在服务器上做了一点测试,看来工作正常。
<?php
session_start();
$old = session_id();
$_SESSION['name'] = "mike";
session_regenerate_id();
$new = session_id();
echo $_SESSION['name']."<br/>\n";
echo $old ."<br/>". $new
?>
Here is a sample of the output: 这是输出示例:
mike
d9oog3vo55936m3088o25qqe27
m6qq99pp1c80mit8e66ho3hfn3
As you can see, it is changing the session id and keeping the session variables in place, as it is supposed to. 如您所见,它正在更改会话ID,并按原样保留会话变量。 Perhaps your hosting provider has some funky settings in the php.ini? 也许您的托管服务提供商在php.ini中有一些时髦的设置? You might want to look into that. 您可能需要调查一下。
Alternatively, and it is a bit of a hassle, couldn't you create a cookie with a key that will log them back in immediately after it logs them out, then delete the cookie?
或者,这有点麻烦,您是否可以创建一个带有密钥的cookie,使其在注销后立即将其重新登录,然后删除该cookie?
After a good nights rest, it occurred to me that you probably have some header issues. 经过一整晚的休息后,我发现您可能遇到了一些标题问题。 Sessions are only valid within the same domain they are set in, so for example, if you set the session variable in www.example.com , then use a header redirect to header("location:example.com"); 会话仅在设置它们的同一个域内有效,因此,例如,如果您在www.example.com设置了会话变量,则使用标题重定向到header("location:example.com"); , your session variables will be blank, as they aren't set for that domain, they are set for www.example.com . ,则您的会话变量将为空白,因为未为该域设置,而是为www.example.com设置。 I would check through your code and see if that is the issue, as you say, it is working fine in your sandbox. 我将检查您的代码,看看是否是问题所在,正如您所说,它在沙盒中运行正常。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.