[英]session expiring after refreshing page PHP
I am having problems with a custom start session.For security reasons I decide to look for a method that is safe when starting a session and I came across this tutorial and implemented the method related to start session. 我在自定义启动会话中遇到问题。出于安全原因,我决定在启动会话时寻找一种安全的方法,并且偶然发现了本教程并实现了与启动会话相关的方法。
The problem is that whenever I am initiating a new session variable and redirect to another page which is expecting the value from the initialized session, all my session variable that I initialed earlier on get destroyed forcing the user to logout.Below is my function I am using to start sessions: 问题是,每当我启动一个新的会话变量并重定向到另一个页面时,该页面都希望从已初始化的会话中获取该值,那么我之前初始化的所有会话变量都会被破坏,迫使用户注销。以下是我的功能用于开始会议:
function sec_session_start(){
$session_name = 'sec_session_id';//set a custom session Name
$secure = false;//true if are using https
$httponly = true; //this stops javascript from accessing session id
ini_set('session.use_only_cookies', 1);//FORCES session to only use cookies
$cookie_params = session_get_cookie_params();//Get current cookie params
session_set_cookie_params($cookie_params['lifetime'],$cookie_params['path'],$cookie_params['domain']
,$secure,$httponly);
session_name($session_name);//set the session name to the one set above
if (!isset($_SESSION)){session_start();}//start the php session
session_regenerate_id();//regenerate new session id and delete the old one THIS IS TO PREVENT SESSION HIJACK
}
I have searched for an answer to my problem with no luck, Please help me on this. 我没有运气,一直在寻找问题的答案,请为此提供帮助。
NB - when I use the default session_start everything works perfect. 注意:当我使用默认的session_start时,一切正常。
You should start session, not when $_SESSION
is not set. 您应该启动会话,而不是在未设置$_SESSION
情况下。
if (!isset($_SESSION)){session_start();}//start the php session
session_regenerate_id();//regenerate new session id and delete the old one THIS IS TO PREVENT SESSION HIJACK
should be 应该
session_start();//Start new or resume existing session
session_regenerate_id();//regenerate new session id and delete the old one THIS IS TO PREVENT SESSION HIJACK
Reference: session_regenerate_id 参考: session_regenerate_id
尝试将session_start()放在php代码的顶部,作为第一条指令。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.