堆栈内存溢出
  简体   繁体   English

会话因在Codeigniter中重新生成会话ID而迷路

[英]Session getting lost on regenerating session id in codeigniter

 原文  2019-03-22 11:57:16       php/ codeigniter

问题描述

I have a codeigniter application where the session is set when a user logs in and is shown the user dashboard with somewhat like the code below: 我有一个codeigniter应用程序,在该应用程序中,当用户登录时会设置会话,并向用户显示面板,其内容类似于以下代码: 

public function checkLogin()
{
    $username = $this->input->post("username");
    $password = $this->input->post("password");

    $userId = $this->ModelLogin->checkLogin($username, $password);

    if ($userId) {
        $session_data = array(
            'is_logged_in' => true,
            'userId' => $userId,
        );

        $this->session->set_userdata($session_data);
        redirect("/user/dashboard");
    } else {
        $this->session->set_flashdata('login_error', "Incorrect username/password");
    }
}

Now I am to fix a Session Fixation issue by regenerating the Session ID before authenticating the user. 现在,我将通过在验证用户身份之前重新生成会话ID来解决会话固定问题。 When I include the session_regenerate_id() or even the codeigniter specific $this->session->sess_regenerate() function, it works within this function but as soon as it is redirected to the /user/dashboard the session data gets blank. 当我包含session_regenerate_id()或什至特定于$this->session->sess_regenerate()函数时,它在此函数中均有效,但是一旦将其重定向到/user/dashboard则会话数据将变为空白。

I am adding the regenerate line just before the $this->session->set_userdata($session_data); 我在$this->session->set_userdata($session_data);之前添加重新生成行$this->session->set_userdata($session_data); . The above code works perfectly without the regenerate. 上面的代码无需重新生成即可完美运行。

Additionally, I am using the database session driver. 此外,我正在使用数据库会话驱动程序。 When I switch to the files driver, even the regenerate logic works perfectly. 当我切换到文件驱动程序时,即使重新生成逻辑也可以正常工作。 It's just something with the database driver (I feel) is causing this issue. 这只是数据库驱动程序引起的(我认为)是导致此问题的原因。

1 个解决方案

解决方案1
 0  2019-04-06 11:44:04

I fixed this after days of trial and error. 经过几天的反复试验,我修复了此问题。

This was present in Codeigniter 3.0.x that too on PHP 7.x (which was what my application was running on) 这在Codeigniter 3.0.x中也存在于PHP 7.x中(这是我的应用程序所运行的)

After extensive search, I stumbled upon a Codeigniter changelog that mentioned a regression bug fix in some later versions (3.0.x) of Codeigniter and that's when I started scanning through the changes in the Codeigniter session library and the database driver where I found this snippet: 经过广泛的搜索,我偶然发现了Codeigniter更改日志,其中提到了Codeigniter的某些更高版本(3.0.x)中的回归错误修复,并且这是我开始浏览Codeigniter会话库和数据库驱动程序中的更改的地方,在其中找到了此代码段: 

// PHP7 will reuse the same SessionHandler object after
// ID regeneration, so we need to explicitly set this to
// FALSE instead of relying on the default ...
    $this->_row_exists = FALSE;

Just when I brought this only line change into my existing codeigniter system, the problem was solved instantly! 当我将这唯一的行更改引入到现有的Codeigniter系统中时,问题立即得到解决!

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在PHP / CodeIgniter中使用重新生成会话ID - Working with regenerating session id in PHP/CodeIgniter 重新生成会话ID - regenerating session id 正确重新生成会话 ID - Properly regenerating session ID's 无法理解重新生成的会话ID - can not understand regenerating session id CodeIgniter 3 session 在重新生成时丢失 session 仅使用 Memcached 驱动程序的 ID - CodeIgniter 3 session lost on regenerate session id with Memcached driver only 再生会话/销毁会话 - Regenerating Session / Destroying Session PHP 重新生成 session ID 登录/退出无效 - PHP Regenerating session ID on login / out not working 刷新会话ID后,Codeigniter用户数据丢失[CodeIgniter 3.0] - Codeigniter userdata lost after session id refresh [CodeIgniter 3.0] Laravel登录而无需重新生成会话ID - Laravel login without regenerating session id 成功登录后是否重新生成会话ID足以阻止会话固定? - Is regenerating the session ID after successful login sufficient to prevent session fixation?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM