[英]PHP session randomly expires
to begin I'd like to explain what I'm trying to accomplish. 开始我想解释一下我想要完成的事情。 So I have a system where if a user logs in, their username gets stored in $_SESSION['username']
. 所以我有一个系统,如果用户登录,他们的用户名将存储在$_SESSION['username']
。 On each page I have session_start();
在每个页面上我都有session_start();
and I then often check to see if(isset($_SESSION['username']))
to show different things. 然后我经常检查if(isset($_SESSION['username']))
来显示不同的东西。
This all works great, except for the fact that either the session expires before the timeout, or the $_SESSION['username']
variable gets unset before the timeout, causing the system to think that the user needs to be logged out. 这一切都很有效,除了会话在超时之前到期,或者$_SESSION['username']
变量在超时之前未设置,导致系统认为用户需要注销。 I would really like to add that this happens at random! 我真的想补充一点,这是随机发生的!
I can spend 10 minutes on the website with different intervals between interaction and nothing happens, next thing I know, I get kicked out twice in 3 minutes. 我可以在网站上花10分钟,互动间隔不同,没有任何事情发生,接下来我知道,我在3分钟内被踢了两次。
I can verify that session.cookie_lifetime = 0
(Which means that it won't expire until the browser closes) and that session.gc_maxlifetime = 1200
(Which doesn't matter, as I have set my session save folder in a different location than tmp). 我可以验证session.cookie_lifetime = 0
(这意味着它将在浏览器关闭之前不会过期)和session.gc_maxlifetime = 1200
(这没关系,因为我已将会话保存文件夹设置在不同于TMP)。
The only thing I can think of that might be an issue is this code in the login section once the password has been verified: 我可以想到的唯一问题可能是问题,一旦验证密码,登录部分中的代码就是:
$_SESSION['username'] = $usernameInput;
session_write_close();
header("Location: index.php");
I know that using header means the session variables do not get saved, as it cuts of the document, but that is why I use session_write_close();
我知道使用header意味着会话变量不会被保存,因为它会删除文档,但这就是我使用session_write_close();
to save these variables. 保存这些变量。 And please keep in mind: Everything works after this! 请记住:此后一切正常! I can see my username once I get to index.php. 一旦到达index.php,我就可以看到我的用户名。
There are some SO threads that result in the user saving session variables and stuff on a database, but I'd rather fix it without having to do that. 有一些SO线程导致用户将会话变量和内容保存在数据库中,但我宁愿修复它而不必这样做。
EDIT: So I reintroduced a function to count timeout for sessions and that works, but I have made a discovery. 编辑:所以我重新引入了一个函数来计算会话超时,这是有效的,但我已经发现了。 I've looked into the network
section of the browser and in XHR
I look for the sessions and the cookies and stuff. 我查看了浏览器的network
部分,在XHR
我查找会话和cookie以及其他内容。 Something weird happens where the website does a GET request to my logout.php
file. 网站对我的logout.php
文件发出GET请求时会发生奇怪的事情。
So I looked at what could cause this. 所以我看看可能导致这种情况的原因。 I have 2 logout buttons that get echo'd by PHP and I gave them each different href links. 我有两个注销按钮,由PHP回应,我给了他们每个不同的href链接。 I narrowed it down to this PHP and HTML. 我把它缩小到这个PHP和HTML。 Last time I checked, HTML doesn't automatically go to href's in it's code. 上次我检查时,HTML不会自动转到它的代码中的href。 And I doubt PHP does this. 而且我怀疑PHP会这样做。
if(isset($_SESSION['username'])){
echo "<div class='navProfile navButton'><img class='navProfileIcon' src='images/angerypigeon.jpg' alt=''><h3 class='navProfileUsername'>" . $_SESSION['username'] . "</h3><h3 class='navProfilePosts'>Posts: 102</h3><a class='navProfileLogout' href='php_tools/logoutbutton2.php'>Logout</a></div>";
echo "<button class=\"modalButton upload navButton\" id=\"uploadButton2\" type=\"button\" name=\"button\" style=\"margin-left: auto\">Upload</button>";
}
else {
echo "<button class='navButton' type=\"button\" name=\"button\" onclick=\"location.href = 'login.php'\">Login</button>";
}
When I check my XHR fields in the browser, it sends a GET request for logoutbutton2
. 当我在浏览器中检查我的XHR字段时,它会发送logoutbutton2
的GET请求。 How can I prevent this from happening? 我怎样才能防止这种情况发生? I am not clicking on the button myself. 我自己没有点击按钮。 It gets sent randomly. 它随机发送。
Since I can not look at all the code I can only speculate. 由于我无法查看我只能推测的所有代码。 What could possibly kill the session at "random". 有什么可能在“随机”中杀死会话。
Maybe you have: 也许你有:
First, check if SET-COOKIE
was correctly set in your request header. 首先,检查请求标头中是否正确设置了SET-COOKIE
。 Check the lifetime (client-side). 检查生命周期(客户端)。
Sometime files about user session were not created correctly. 有时未正确创建有关用户会话的文件。 Check your session_save_path
and check this folder if new files were made. 检查session_save_path
并检查此文件夹是否有新文件。
The issue seems to have fixed itself. 这个问题似乎已经解决了。 It truly is a random and unpredictable thing.. 它真的是一个随机和不可预测的事情..
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.