令牌会话和后令牌始终不同,尽管它们来自同一参数
[英]Token Session and Post Token always different although from the same paramater
问题描述
i'm generate a token for my form like this: 
我为表单生成令牌,如下所示:
/*** set a form token ***/
$token = md5( uniqid(rand(), true) );
/*** set the session form token ***/
$_SESSION['form_token'] = $token;
and put hidden input in my form like this: 并将隐藏的输入放入我的表单中,如下所示:
<input type="hidden" name="token" value="<?php echo $token; ?>" />
but when i submit the pages and compare the token it give me a different token id. 但是当我提交页面并比较令牌时,它给了我一个不同的令牌ID。 can anyone tell me am i doing something wrong? 谁能告诉我我做错了吗?
2 个解决方案
解决方案1
0 已采纳 2014-12-19 15:16:28
Make sure you only (re)generate a token if the form is not submitted yet. 如果尚未提交表单,请确保仅(重新)生成令牌。
<?php
// Process request OR show form..
if($_SERVER['REQUEST_METHOD'] === 'POST')
{
// check if we receive a token
if(isset($_POST['form_token']))
{
// compare the token
if($_POST['form_token'] === $_SESSION['form_token'])
{
// do the magic here...
unset($_SESSION['form_token']);
} else {
die('No token match');
}
} else {
die('No token found');
}
} else {
$token = md5( uniqid(rand(), true));
$_SESSION['form_token'] = $token;
// print form with hidden token..
}
解决方案2
0
Try visiting your site in an incognito window. 尝试在隐身窗口中访问您的网站。 If this works, you need to delete all your browsers' cookies and other site plugins because your session has been cached. 如果这可行,则由于会话已被缓存,因此需要删除所有浏览器的cookie和其他网站插件。 It's trying to match sessions from an earlier time. 它正在尝试匹配更早的会话。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.