
PHP session randomly expires

To begin, I'd like to explain what I'm trying to accomplish. So I have a system where if a user logs in, their username gets stored in $_SESSION['username']. On each page I have session_start(); and I then often check to see if(isset($_SESSION['username'])) to show different things.

This all works great, except for the fact that either the session expires before the timeout, or the $_SESSION['username'] variable gets unset before the timeout, causing the system to think that the user needs to be logged out. I would really like to add that this happens at random!

I can spend 10 minutes on the website with different intervals between interactions and nothing happens; next thing I know, I get kicked out twice in 3 minutes.

I can verify that session.cookie_lifetime = 0 (which means that it won't expire until the browser closes) and that session.gc_maxlifetime = 1200 (which doesn't matter, as I have set my session save folder in a different location than tmp).

The only thing I can think of that might be an issue is this code in the login section once the password has been verified:

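// Store the verified username and flush the session to disk before redirecting
$_SESSION['username'] = $usernameInput;
session_write_close();
header("Location: index.php");
exit; // stop the script so nothing else runs after the redirect header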

I know that using header means the session variables do not get saved, as it cuts off the document, but that is why I use session_write_close(); to save these variables. And please keep in mind: Everything works after this! I can see my username once I get to index.php.

There are some SO threads that result in the user saving session variables and stuff on a database, but I'd rather fix it without having to do that.

EDIT: So I reintroduced a function to count timeout for sessions and that works, but I have made a discovery. I've looked into the network section of the browser and in XHR I look for the sessions and the cookies and stuff. Something weird happens where the website does a GET request to my logout.php file.

So I looked at what could cause this. I have 2 logout buttons that get echoed by PHP and I gave them each different href links. I narrowed it down to this PHP and HTML. Last time I checked, HTML doesn't automatically go to hrefs in its code. And I doubt PHP does this.

if (isset($_SESSION['username'])) {
    // Escape the stored username before writing it into the page
    $name = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
    echo "<div class='navProfile navButton'><img class='navProfileIcon' src='images/angerypigeon.jpg' alt=''><h3 class='navProfileUsername'>" . $name . "</h3><h3 class='navProfilePosts'>Posts: 102</h3><a class='navProfileLogout' href='php_tools/logoutbutton2.php'>Logout</a></div>";
    echo "<button class=\"modalButton upload navButton\" id=\"uploadButton2\" type=\"button\" name=\"button\" style=\"margin-left: auto\">Upload</button>";
} else {
    echo "<button class='navButton' type=\"button\" name=\"button\" onclick=\"location.href = 'login.php'\">Login</button>";
}

When I check my XHR fields in the browser, it sends a GET request for logoutbutton2. How can I prevent this from happening? I am not clicking on the button myself. It gets sent randomly.
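The question reports a GET to php_tools/logoutbutton2.php that no click triggered. One way to keep such a request from ending the session is to have the logout endpoint accept only a POST that carries a per-session token, and to log everything else so its origin can be traced. This is an added example, not code from the post; the `logout_token` session key, the form markup in the comment and the `../index.php` redirect target are assumptions.

```php
<?php
// php_tools/logoutbutton2.php (added example, not the poster's code).
// Assumed at login:  $_SESSION['logout_token'] = bin2hex(random_bytes(32));
// Assumed in the navbar, replacing the <a href=...> link:
//   <form method="post" action="php_tools/logoutbutton2.php">
//     <input type="hidden" name="logout_token" value="(token from session)">
//     <button class="navProfileLogout" type="submit">Logout</button>
//   </form>
session_start();

// True only for a POST whose token matches the one stored in the session.
function logout_request_is_valid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['logout_token'] ?? '';
    $given    = $post['logout_token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

if (!logout_request_is_valid($_SERVER['REQUEST_METHOD'] ?? '', $_POST, $_SESSION)) {
    // Record who asked, so the source of the unexpected request shows up in the log.
    error_log('rejected logout: ' . json_encode([
        'method'  => $_SERVER['REQUEST_METHOD'] ?? '-',
        'referer' => $_SERVER['HTTP_REFERER'] ?? '-',
        'agent'   => $_SERVER['HTTP_USER_AGENT'] ?? '-',
    ]));
    http_response_code(405);
    header('Allow: POST');
    exit;
}

// Valid request: clear the data, expire the cookie, destroy the session.
$_SESSION = [];
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}
session_destroy();
header('Location: ../index.php'); // assumed location of index.php
exit;
```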

Since I cannot look at all the code, I can only speculate about what could possibly kill the session at "random".

Maybe you have:

  • something like $_SESSION['username']='' or $_SESSION='' in your code. Check it again.
  • some code is spitting some chars in front of session_start?
  • a weird heuristic adblock-privacy-whatnot-browser plugin blocks your session cookie
  • an antivirus firewall on your end does some heuristic cookie killing
  • some cleanup job on the server kills the session (very unlikely)
  • some antivirus on the server kills the session (very unlikely)
  • are you behind a corporate threat management gateway? Those things can eat cookies (very unlikely)
  • something is randomly crashing and restarting the server and killing sessions on the way (very unlikely)
  • javascript could possibly interfere with your session cookie (very unlikely)

First, check if SET-COOKIE was correctly set in your request header. Check the lifetime (client-side).


Sometimes files about the user session were not created correctly. Check your session_save_path and check this folder if new files were made.
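The checks suggested in the answers above (output sent before session_start, the session cookie, the save path and its files) can be logged on every request to see which one fails when a logout happens. This is an added example, not code from any of the posts; the function name `session_diag` is hypothetical, and it assumes PHP's default "files" session handler with a flat save path.

```php
<?php
// Added diagnostic: call session_diag() in place of a bare session_start().
function session_diag(): array
{
    $notes = [];

    // Any byte of output before session_start() stops the Set-Cookie header.
    if (headers_sent($file, $line)) {
        $notes[] = "output already sent at $file:$line";
    }

    // session.save_path may be written as "N;/path" or "N;MODE;/path".
    $raw  = session_save_path();
    $path = $raw === '' ? sys_get_temp_dir() : substr(strrchr(';' . $raw, ';'), 1);
    if (!is_dir($path) || !is_writable($path)) {
        $notes[] = "save path missing or not writable: $path";
    }

    // Did the browser send a session id, and does its file still exist?
    $sid = $_COOKIE[session_name()] ?? '';
    if ($sid === '') {
        $notes[] = 'no session cookie in request (normal only on a first visit)';
    } elseif (!preg_match('/^[A-Za-z0-9,-]+$/', $sid)) {
        $notes[] = 'session cookie contains unexpected characters';
    } elseif (!is_file("$path/sess_$sid")) {
        $notes[] = 'cookie sent, but its session file is gone from the save path';
    }

    session_start();

    // The files handler should have created sess_<id> for the active session.
    if (!is_file("$path/sess_" . session_id())) {
        $notes[] = 'session_start() left no file in the save path';
    }

    foreach ($notes as $n) {
        error_log('[session_diag] ' . ($_SERVER['REQUEST_URI'] ?? '-') . ' ' . $n);
    }
    return $notes;
}
```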

The issue seems to have fixed itself. It truly is a random and unpredictable thing..
