
Why is PHP generating the same session IDs every time in the test environment (WAMP)?

I've configured WAMP on my system, and I am doing development and testing in this local environment. I was working on the logout functionality and happened to notice that the session IDs being generated are the same within a browser.

E.g. Chrome always generates session id = abc for all users, even after logging out and logging in; IE always generates session id = xyz for all users.

Is this an issue with WAMP / my test environment?

Please find below my logout PHP script:

<?php
session_start();            // resume the session named by the browser's cookie
$sessionid = session_id();
echo $sessionid;            // print the current ID (this is what shows "abc" / "xyz")
session_unset();            // clear the $_SESSION variables
session_destroy();          // remove the server-side session data
?>

You probably still have the cookie with the old session ID in it, as neither session_unset nor session_destroy deletes that cookie:

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

So use setcookie to invalidate the session ID cookie after logout:

if (ini_get("session.use_cookies")) {
    // Expire the cookie with the same path/domain/flags it was set with;
    // otherwise the browser keeps the old cookie and keeps sending the old ID.
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

Another recommendation is to regenerate the session ID after successful authentication using session_regenerate_id(true).
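Putting the answer's two recommendations together, here is an added example (not code from the question or from any of the answers): a minimal login/logout pair that regenerates the ID after authentication and, on logout, clears the data, expires the cookie and destroys the server-side session. It assumes PHP 7.3 or later (for the array form of setcookie() and the samesite key returned by session_get_cookie_params()), cookie-based sessions, and a local HTTP test setup; the action names, the hard-coded user "alice" and the cookie flags are assumptions for the demo, and a real application would only call login_user() after verifying credentials.

```php
<?php
// Added example, not from the original question or answers.
// Assumed: PHP >= 7.3, cookie-based sessions, local HTTP test server.
// Run with:  php -S 127.0.0.1:8080 session_demo.php
// then visit /?action=login, /?action=whoami and /?action=logout in one browser.

declare(strict_types=1);

// Cookie attributes are fixed before the session starts. These values are
// assumptions for a plain-HTTP local setup; 'secure' must be true behind HTTPS.
session_set_cookie_params([
    'lifetime' => 0,          // session cookie: dropped when the browser closes
    'path'     => '/',
    'domain'   => '',
    'secure'   => false,      // true when served over HTTPS
    'httponly' => true,       // not readable from JavaScript
    'samesite' => 'Lax',
]);
// Refuse IDs the server never issued, so a stale or planted cookie gets a fresh ID.
ini_set('session.use_strict_mode', '1');
session_start();

function login_user(string $username): string
{
    // Regenerate after authentication so an ID that existed before login
    // (e.g. one planted by session fixation) never becomes an authenticated
    // session. true = delete the old session data as well.
    session_regenerate_id(true);
    $_SESSION['user']     = $username;
    $_SESSION['login_at'] = time();
    return session_id();
}

function logout_user(): void
{
    // 1. Clear the data held in memory for this request.
    $_SESSION = [];

    // 2. Tell the browser to drop the cookie. The attributes must match the
    //    ones the cookie was set with, or the browser keeps the old cookie.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }

    // 3. Remove the server-side session storage.
    session_destroy();
}

// Tiny dispatcher so the file can be served as-is by the built-in server.
// All session/cookie work happens before any output is echoed.
$action = $_GET['action'] ?? 'whoami';
switch ($action) {
    case 'login':
        $id = login_user('alice');
        echo "logged in, new session id: $id\n";
        break;
    case 'logout':
        $old = session_id();
        logout_user();
        echo "logged out, cookie for $old expired\n";
        break;
    default:
        echo 'current session id: ' . session_id() . "\n";
        echo 'user: ' . ($_SESSION['user'] ?? '(none)') . "\n";
}
```

Visiting whoami, then login, then logout, then whoami again shows three different IDs: the regenerated one after login and, because the cookie was expired and strict mode rejects the destroyed ID, a brand-new one after logout.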

This will work. Please try this:

session_start();
session_regenerate_id(TRUE);   // issue a new ID and delete the old session data
session_destroy();             // then drop the new session as well

You must regenerate the session ID using the function session_regenerate_id(). Without that, the session ID would be the same between page refreshes.

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

Taken from http://php.net/manual/en/function.session-destroy.php

session_unset() and session_destroy() do not delete the session cookie. You have to manually unset it with a setcookie() call.

session_unset is the converse of session_register(), and session_destroy simply cleans out $_SESSION without affecting the cookie.

From the manual (session_destroy):

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

Unless you specifically unset the cookie, the cookie will still exist, and the next time session_start() is called it will use that as the session ID. Closing the browser should also clear the cookie, because they are generally set by PHP to expire on browser close.

To stop session hijacking, follow the code below in PHP:

session_start();

/* to stop session hijacking */

// Generate new session without destroying the old one
session_regenerate_id(false);

// Fetch current session ID and close both sessions to allow other scripts to use them
$newSession = session_id();
session_write_close();

// Assign session ID to the new one, and start it back up again
session_id($newSession);

session_start();
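As an added example (not part of the answer above), the following command-line script makes the false argument in the answer's session_regenerate_id(false) observable. With PHP 7 or later and the default files save handler, regenerating with false writes the current data out under the old ID and keeps it, so anyone who holds the old ID still resumes the authenticated session; regenerating with true destroys it. The private save path and the "alice" session data are constructed for the demo; it assumes a writable temp directory and that the session.save_handler ini setting can be switched to files at runtime.

```php
<?php
// Added example, not from the original answer. Shows what each value of
// session_regenerate_id()'s delete_old_session argument leaves behind.
// Assumed: PHP >= 7.0, "files" save handler, writable temp directory.
// Run with:  php regenerate_demo.php

declare(strict_types=1);

// Private save path so we control exactly which session files exist.
$saveDir = sys_get_temp_dir() . '/sess_demo_' . getmypid();
mkdir($saveDir, 0700);
ini_set('session.save_handler', 'files');
ini_set('session.save_path', $saveDir);
ini_set('session.use_cookies', '0');    // CLI: no browser to set a cookie on
ini_set('session.use_trans_sid', '0');

// Returns true when the OLD session ID still resumes the authenticated
// session after session_regenerate_id($deleteOld).
function old_id_still_valid(bool $deleteOld): bool
{
    session_start();
    $_SESSION['user'] = 'alice';         // constructed: pretend we just logged in
    $oldId = session_id();

    session_regenerate_id($deleteOld);
    $newId = session_id();
    session_write_close();               // flush the new ID to disk

    // Act as someone who only knows the old ID: a hijacker, or the stale
    // cookie from the question.
    session_id($oldId);
    session_start();
    $stillValid = isset($_SESSION['user']);
    session_destroy();

    // Remove the new session too so the next call starts clean.
    session_id($newId);
    session_start();
    session_destroy();

    return $stillValid;
}

$keptOld   = old_id_still_valid(false);  // the answer's setting
$destroyed = old_id_still_valid(true);   // what the first answer recommends

printf("session_regenerate_id(false): old id still valid? %s\n", $keptOld ? 'yes' : 'no');
printf("session_regenerate_id(true):  old id still valid? %s\n", $destroyed ? 'yes' : 'no');

// Clean up the scratch directory.
array_map('unlink', glob("$saveDir/sess_*") ?: []);
rmdir($saveDir);
```

The first line prints yes and the second no. Regenerating on every request therefore only helps against an attacker who has not yet captured an ID; to cut off an ID that may already be in someone else's hands, pass true (or rely on session.use_strict_mode to refuse IDs the server did not issue).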
