[英]PHP - How not to start a session on the login page
I use the same header on all pages of my site like this: 我在网站的所有页面上都使用相同的标题,如下所示:
require_once $_SERVER['DOCUMENT_ROOT'].'/header.php';
The problem is that I also use it for the login page of my website and a session is started as soon as a user accesses it 问题是我也将它用于我的网站的登录页面,并且一旦用户访问它便开始一个会话
login.php 的login.php
<?php
$test = 'login';
require_once $_SERVER['DOCUMENT_ROOT'].'/header.php';
...
header.php header.php文件
<?php
session_start ();
?>
<!DOCTYPE html>
<html lang="fr" class="no-js">
<head>
...
I would like to avoid this, I tried to modify my header.php file like this: 我想避免这种情况,我试图像这样修改header.php文件:
header.php header.php文件
<?php
var_dump($test);
if ($test !== 'login') {
session_start ();
}
?>
<!DOCTYPE html>
<html lang="fr" class="no-js">
<head>
But it does not work, while the var_dump
returns me login
on the login page (it works well when I remove session_start ();
from the header.php
file) 但是,这是行不通的,而var_dump
返回我login
在登录页面(它工作得很好,当我删除session_start ();
从header.php
文件)
Would you have a solution? 你有解决办法吗?
As one of the comments had said, it seems that you are missing the fundamentals here because you are initializing the session but not actually making use of it. 正如其中一项评论所述,您似乎在这里缺少基础知识,因为您正在初始化会话,但实际上并未使用它。
Assigning a value to a variable is not the same as registering it with the session functionality, see the basic usage example . 为变量分配值与向会话功能注册变量不同,请参见基本用法示例 。
Based on this you might have something like: 基于此,您可能会遇到以下情况:
header.php header.php文件
<?php
if ($_SESSION['test'] !== 'login') {
session_start();
$_SESSION['test'] = 'login';
}
...
login.php 的login.php
<?php
require_once $_SERVER['DOCUMENT_ROOT'].'/header.php';
var_dump($_SESSION['test']);
?>
...
I would consider revising your architecture though because you don't need to check if the session is already initialized when calling session_start() . 我会考虑修改您的体系结构,因为在调用session_start()时无需检查会话是否已初始化。
Also and in general, doing this from your header doesn't make much sense which will likely end up causing you problems in the future. 同样,通常来说,从标头执行此操作没有多大意义,将来可能会导致问题。
I think each of your pages should be formatted more like: 我认为您的每个页面都应采用以下格式:
init.php 的init.php
<?php
/* CONFIG FOR APPLICATION
-------------------------- */
// Could potentially define some runtime configuration
if ($_SERVER['HTTP_HOST'] == 'proddomain.tld') {
define('ENVIRONMENT', 'production');
}
else if ($_SERVER['HTTP_HOST'] == 'localhost') {
define('ENVIRONMENT', 'development');
}
else {
echo 'Unknown runtime environment!';
exit;
}
// Create or resume the session
session_start();
// Testing out session functionality
$_SESSION['test'] = 'hello world';
// Could include some session handling for expiration, etc
// Could include a routing solution
// But fine depending on the page you want to show the header
// So you can make some condition that matches this,
// like check the url to see if it is login.php and if not then include the header
if ($myMagicCondition) {
require_once $_SERVER['DOCUMENT_ROOT'].'/navigation.php';
}
anypage.php anypage.php
<?php
// Include the application configuration
require_once $_SERVER['DOCUMENT_ROOT'].'/init.php';
// Testing runtime constants
var_dump(ENVIRONMENT);
// Testing registered session variable
var_dump($_SESSION['test']);
// The rest of your page
...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.