stackoom
  简体   繁体   中英

PHP Session Modified on redirect

 原文  2014-10-30 16:55:15       php/ session/ redirect

Question

I am having a weird issue where for some unknown reason my $_SESSION['last_uri'] variable is being modified on a js redirect.

This is where we define the SESSION variable, currently it displays as '/training_management': 

echo 'SESSION: ' . $_SESSION['last_uri'];

if ( !(preg_match('/login/', $_SERVER['SCRIPT_NAME'])) && !(preg_match('/denied/',       $_SERVER['SCRIPT_NAME'])) ) {
    $_SESSION['last_uri'] = $_SERVER['REQUEST_URI'];

This is where we redirect to a new page: 

$("#login_button").click(function() {
    var name = $("input[name$=name]").val();
    var pw = encodeURIComponent($("input[name$=password]").val());
    var query = "func=login&name=" + name + "&password=" + pw;
    ajaxRequest(query, function(data) {
        console.log(data);
        data = data.replace(/(\r\n|\n|\r|\s)/gm, "");
        if (!data || data == 0) {
            failureMsg(_("Incorrect login data."));
        } else {
            window.location.replace("redirect");
        }
    });
});

This then redirects to redirect.php which shows the following as the value '/tpl/css/images/ui-icons_222222_256x240.png': 

if ( $_SESSION['last_uri'] ) {
    echo $_SESSION['last_uri'];

    //header("Location: " . $_SESSION['last_uri']);
}

Where / How is the SESSSION variable changed?

HERE are my rewrite rules: 

# No www
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

# No likey .php
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php

# Some more Security
RewriteEngine On
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ /security [R=301,L]

1 answers

solution1
 1 ACCPTED  2014-10-30 16:59:31

This is probably what happend (see comments): 

echo 'SESSION: ' . $_SESSION['last_uri']; // display /training_management

if ( !(preg_match('/login/', $_SERVER['SCRIPT_NAME'])) && !(preg_match('/denied/',       $_SERVER['SCRIPT_NAME'])) ) {
    $_SESSION['last_uri'] = $_SERVER['REQUEST_URI'];
    echo 'NEW SESSION: ' . $_SESSION['last_uri']; // display /tpl/css/images/ui-icons_222222_256x240.png
}

Other possibilities:

  • /tpl/css/images/ui-icons_222222_256x240.png not found redirect to a PHP page that modify the session.
  • session_start() is missing.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP Session not saving for redirect Php Session Redirect Page php session is lost on redirect Cache-Control Header Modified By PHP Session? php redirect using session data Redirect in PHP regarding on session variable Can php's session_reset be used to reload a modified session? Php Redirect with multiple session variable PHP session variables not available on redirect PHP Redirect with data session destroys
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM