PHP session_regenerate_id和Blackberry浏览器
[英]PHP session_regenerate_id and Blackberry browser
问题描述
Greetings, 
问候,
I am working on a login system and getting stuck with Blackberry browsers authenticating. 我正在使用登录系统,并且无法使用Blackberry浏览器进行身份验证。 It seems they have an issue with PHP's session_regenerate_id(), can someone suggest an alternative? 似乎他们对PHP的session_regenerate_id()有问题,有人可以建议替代方法吗? Here are the auth and login scripts: 这是auth和登录脚本:
UPDATE It would appear that sessions in general are not working. 更新似乎一般而言,会话无法正常工作。 Took out session_regenerate_id() just to see if it would work and it just redirects me every time, as though the $_SESSION['MD_SESS_ID'] were blank. 拿出session_regenerate_id()只是看它是否可以工作,并且每次都重定向我,好像$_SESSION['MD_SESS_ID']为空。 Really stuck here, any ideas would be appreciated. 真的卡在这里,任何想法将不胜感激。 Cookies on the device are enabled, using a Blackberry Bold 9650. It works on my iPod Touch and every browser on my PC. 使用Blackberry Bold 9650在设备上启用了Cookie。它可以在iPod Touch和PC上的每个浏览器上运行。
Login 登录
<?php
session_start();
include $_SERVER['DOCUMENT_ROOT'] . '/includes/pdo_conn.inc.php';
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return $str;
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
if ($username != "" && $password != "") {
$getUser = $db->prepare("SELECT id, username, password, salt FROM uc_dev WHERE username = ? LIMIT 1");
$getUser->execute(array($username));
$userDetails = $getUser->fetch();
$dbPW = $userDetails['password'];
$dbSalt = $userDetails['salt'];
$hashedPassword = hash('sha512', $dbSalt . $password);
if ($hashedPassword == $dbPW) {
//Login Successful
session_regenerate_id();
$_SESSION['MD_SESS_ID'] = $userDetails['id'];
header('Location: http://somewhere.com');
session_write_close();
} else {
header('Location: http://www.somewhere.com');
exit();
}
} else {
header('Location: http://somewhere.com');
exit();
}
?>
Auth 验证码
<?php
//Start the session
session_start();
//Verify that MEMBER ID session is present
if(!isset($_SESSION['MD_SESS_ID']) || (trim($_SESSION['MD_SESS_ID']) == '')) {
$_SESSION = array();
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
header("Location: http://somewhere.com");
exit();
}
?>
1 个解决方案
解决方案1
2 已采纳 2011-01-05 02:21:56
A while ago, I was doing some Blackberry development, and found out that the browser couldn't handle multiple cookies with the same name. 前一段时间,我正在做一些Blackberry开发,发现浏览器无法处理多个同名的cookie。 Not sure if they've fixed this yet. 不确定他们是否已解决此问题。
So if you're sending out the Set-Cookie header more than once (using setcookie , session_start , or session_regenerate_id ), using the same name each time, this could be causing your problem. 因此,如果您多次发送Set-Cookie标头(使用setcookie , session_start或session_regenerate_id ),并且每次都使用相同的名称,则可能会导致问题。
You might want to keep track of the cookies you need to output, in an object or array, and only send them to the browser at the very end of the request. 您可能想要在对象或数组中跟踪需要输出的Cookie,并仅在请求结束时将其发送到浏览器。 This way, if you need to change their values in the middle of the request, you can just overwrite the array's value, rather than sending out another cookie header. 这样,如果您需要在请求的中间更改它们的值,则可以覆盖该数组的值,而不用发送另一个Cookie标头。
This page may also help -- someone linked to it from PHP's session_regenerate_id page. 此页面也可能有帮助-有人从PHP的session_regenerate_id页面链接到此页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.