Making user redirect if not logged in using PHP sessions
I am a beginner in web development and I am creating my first project. I am using XAMPP for my PHP files. I have basically created app.php, sigin.php. So in order to prevent users from directly accessing my app.php, I am using session variables in PHP. Hence I added the following PHP code just before my app.php.
<?php
session_start();
if (!isset($_SESSION['loginstatus'])) {
    header('location:./login.php');
    die();
}
?>
And I am setting my session variables in my signin.php like the following:
if ($user['username'] == $username && $user['password'] == $password) {
    $_SESSION['username'] = $username;
    $_SESSION['loginstatus'] = 'success';
    echo "success!";
    header('location:../app.php');
}
Now I tried accessing my app.php without login, and I am still able to access app.php. To check where the issue is, I cleared my browser history and cookies, then I tried accessing app.php. Surprisingly it worked: I was actually redirected to the login page. But as soon as I do a first successful login, log out, and again try to access app.php without login, I was again able to access app.php without login.
Now for some reason I feel that my browser is saving session variables too. So to check that, I wrote a small piece of code and pasted it in my app.php:
<?php
var_dump($_SESSION['loginstatus']);
?>
After the first successful login my $_SESSION['loginstatus'] is always set to successful. Now as I said I am a beginner; what I learnt is that sessions are stored on the server side. So I am totally confused regarding this.
There is a cookie in your web browser, "phpsessid", which stores the ID of the session on the server. In normal cases you destroy the session at logout.
session_unset(); to unset all session variables
session_destroy(); destroys the session
The session will time out after time X. You can change it, described here -> Link
So if you have a cookie in your browser with a valid ID of a session that has not timed out, you will always be able to log in.
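The logout step this answer describes, together with the matching login gate, as an added example that is not part of the original question or answers. The file name auth.php and the function names are hypothetical; the session keys and the login.php redirect are the ones from the question.

```php
<?php
declare(strict_types=1);
// auth.php: hypothetical helper file, included by app.php, signin.php and logout.php.

function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Call at the very top of app.php, before any output is sent.
function require_login(): void
{
    start_session();
    // Compare against the exact value set at login instead of only using isset().
    if (($_SESSION['loginstatus'] ?? null) !== 'success') {
        header('Location: ./login.php');
        exit;
    }
}

// Call from signin.php once the credentials have been verified.
function log_in(string $username): void
{
    start_session();
    session_regenerate_id(true);  // issue a fresh session ID and delete the old session data
    $_SESSION['username'] = $username;
    $_SESSION['loginstatus'] = 'success';
}

// Call from logout.php.
function log_out(): void
{
    start_session();
    $_SESSION = [];               // drop every session variable for this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the session cookie so the browser stops sending the old ID.
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();            // delete the server-side session data
}
```

Without the log_out() step, the browser keeps sending the same session cookie and the server still holds loginstatus for that ID, which matches the behaviour described in the question.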
So basically, going to browser settings > privacy and security > more > pre-load pages for faster browsing and searching
I just disabled this default setting in Chrome, and it started working as expected.