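Problems with Login/Logout Session
I am trying to create a login system that displays different pages depending on the login type (i.e. logged in as admin or as one of various other roles).
It consists of three files:
Login.php - The various forms are submitted here, and it sets a session variable to the correct level (e.g. admin etc.) based on the form value names.
Logout.php - Unsets the variable mentioned above.
Dashboard.php - Checks whether the variable is set; if it is, loads the relevant information, and if it is not, sends the user back to index.php.
Please find the code below: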
Login.php
<?php
session_start();
if (isset($_POST['uname_driver']))
{
$username = $_POST['uname_driver'];
$hpassword = password_hash($_POST['hpass_driver'], PASSWORD_DEFAULT);
// Check here for login details within server
$_SESSION['loggedIn'] = "driver";
header("Location: dashboard.php");
}
if (isset($_POST['uname_restaurant']))
{
$username = $_POST['uname_restaurant'];
$hpassword = password_hash($_POST['hpass_restaurant'], PASSWORD_DEFAULT);
// Check here for login details within server
$_SESSION['loggedIn'] = "restaurant";
header("Location: dashboard.php");
}
if (isset($_POST['uname_admin']))
{
$username = $_POST['uname_admin'];
$hpassword = password_hash($_POST['hpass_admin'], PASSWORD_DEFAULT);
// Check here for login details within server
$_SESSION['loggedIn'] = "admin";
header("Location: dashboard.php");
}
Logout.php - edited to reflect Juned's answer, which solved part of the problem
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
header("Location: index.php");
Dashboard.php
<?php
session_start();
include("header.php");
if (isset($_SESSION['loggedIn']))
{
switch ($_SESSION['loggedIn'])
{
case "admin":
include("admin_dashboard.php");
break;
case "driver":
include("driver_dashboard.php");
break;
case "restaurant":
include("restaurant_dashboard.php");
break;
}
}
else
{
header("Location: index.php");
}
?>
Logging in appears to work fine, until I try to log out again. Logging out is done with a button on the dashboard and a jQuery onclick event like this:
$('#logoutOfDashboard').click(function(e)
{
e.preventDefault();
var reallyLogout=confirm("Do you really want to log out?");
if(reallyLogout)
{
$.post('logout.php', {})
.done(function(data)
{
window.location.replace("/");
})
}
});
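Again, this appears to work: if I manually type /dashboard.php into the URL bar, it kicks me back to index.php as expected. However, now whenever I submit a login form, which should recreate the session variable, dashboard.php constantly bounces back to the index as if the variable isn't there, and I am unable to log in for the duration of this session. It is almost as if the session variable is cached as unset and can never be set again.
I have tried adding various no-cache header information, such as: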
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
But this seems to have no effect. Any help or insight would be greatly appreciated.
Edit
Index.php
<?php
include("header.php");
?>
<body>
<div class="container">
<div class="jumbotron">
<h1>Website Coming Soon!</h1>
</div>
<div class="row marketing">
<div class="col-lg-6 center-block">
<a class="btn btn-lg btn-success btn-space center-block" href="/restaurant_login.php" role="button">Log In As Restaurant</a>
</div>
<div class="col-lg-6 center-block">
<a class="btn btn-lg btn-primary btn-space center-block" href="/driver_login.php" role="button">Log In As Driver</a>
</div>
</div>
<footer class="footer">
<p>© 2016</p>
</footer>
</div>
</body>
Header.php
<?php
date_default_timezone_set('Europe/London');
require_once('config.php');
require_once('functions.php');
function autoloader($class)
{
require_once(PUBLIC_BASE_PATH_PHP . "classes/$class.php");
}
spl_autoload_register("autoloader");
global $dbConn;
$dbConn = null;
if(!Database::connect())
{
die("Unable to connect to the database");
}
?>
<head>
<!-- Footer these scripts at end -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<!-- Merge these together and minify at end -->
<link rel="stylesheet" href="css/jumbotron-narrow.css">
<link rel="stylesheet" href="css/signin.css">
<link rel="stylesheet" href="css/style.css">
</head>
RestarauntLogin.php
<?php Header("Cache-Control: max-age=3000, must-revalidate");
include("header.php");
?>
<div class="container">
<form class="form-signin" action="/login.php" method="post">
<h2 class="form-signin-heading">Please sign in</h2>
<label for="inputEmail" class="sr-only">Email</label>
<input type="email" name = "uname_restaurant" id="inputEmail" class="form-control" placeholder="Email" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name = "hpass_restaurant" id="inputPassword" class="form-control" placeholder="Password" required>
<button class="btn btn-lg btn-success btn-block" type="submit">Sign in</button>
<a href = "/" class="btn btn-lg btn-primary btn-block" role="button">Back</a>
</form>
</div>
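I tried creating a local test page on my computer using your code. It seems to work fine. If you are dealing with sessions and cookies and doing a lot of testing or debugging, the browser can sometimes get messed up, so here is what I would suggest: try clearing your cache/cookies. I meant to put this in the comments section, but I don't have enough reputation :) If this doesn't help, let me know and I will delete it.
You need to destroy the session, so instead of just unsetting $_SESSION["loggedin"], you need to destroy the session completely by also taking out the session cookie. PHP has a built-in function that does this for you: session_destroy();
See: http://php.net/manual/en/function.session-destroy.php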
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
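As I understand it, the main issue here is maintaining the session throughout the system.
I have written some simple code for a login system which I believe will help in understanding this. Before looking into Aphire's code, I would like to mention that there is no need to use Ajax in the code, because there is a page refresh at the end anyway, so redirecting the user directly to logout.php would be a good option.
Anyway, see the code given below; it should definitely help in understanding session usage in a login system.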
login.php
<?php
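// Read the parameter defensively so a missing ?name= does not raise an undefined-index notice.
$name = isset($_GET['name']) ? $_GET['name'] : null;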
session_start();
if(isset($_SESSION['loggedIn']))
{
header("Location: dashboard.php");
} else {
if (isset($name))
{
$_SESSION['loggedIn'] = $name;
header("Location: dashboard.php");
} else {
echo "Please provide correct input";
}
}
?>
logout.php
<?php
// Initialize the session.
session_start();
// Finally, destroy the session.
session_destroy();
header("Location: login.php");
?>
dashboard.php
<?php
session_start();
if (isset($_SESSION['loggedIn']))
{
switch ($_SESSION['loggedIn'])
{
case "admin":
echo "admin";
break;
case "driver":
echo "driver";
break;
case "restaurant":
echo "restaurant";
break;
default:
header("Location: login.php");
session_destroy();
}
}
else
{
header("Location: login.php");
}
?>
<a href="logout.php">Logout</a>
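As an added example (not part of the original answers or the asker's code): a login handler that takes the role from a server-side record once password_verify() succeeds, rather than from a request parameter, and regenerates the session ID at login. The $users table, the authenticate() helper and the uname/hpass field names are assumptions made for illustration.

```php
<?php
// Added example, not from the original thread. The user table, e-mail
// addresses and passwords below are constructed sample data.
declare(strict_types=1);

// Stored hashes are created once, at registration time, with password_hash().
$users = [
    'owner@example.test'  => ['hash' => password_hash('sample-pass-1', PASSWORD_DEFAULT), 'role' => 'restaurant'],
    'driver@example.test' => ['hash' => password_hash('sample-pass-2', PASSWORD_DEFAULT), 'role' => 'driver'],
];

/**
 * Hypothetical helper: returns the stored role for valid credentials, else null.
 * password_hash() salts every call, so re-hashing the submitted password never
 * equals the stored hash; password_verify() is the comparison to use.
 */
function authenticate(array $users, string $username, string $password): ?string
{
    if (!isset($users[$username])) {
        return null;
    }
    return password_verify($password, $users[$username]['hash'])
        ? $users[$username]['role']
        : null;
}

session_start();

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $u = $_POST['uname'] ?? '';   // assumed field names
    $p = $_POST['hpass'] ?? '';
    $role = (is_string($u) && is_string($p)) ? authenticate($users, $u, $p) : null;

    if ($role === null) {
        header('Location: index.php');   // failed login: no session state is set
        exit;
    }
    session_regenerate_id(true);         // issue a new session ID when the privilege level changes
    $_SESSION['loggedIn'] = $role;       // role comes from the stored record, not from the request
    header('Location: dashboard.php');
    exit;                                // stop so nothing else runs after the redirect
}
```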
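Instead of using window.location.replace(), try using window.location.href='/'
Have you tried keeping the session ID and just deleting the session data? I don't see the point of deleting the session ID.
I am talking about removing this piece of code from logout.php: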
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
So logout.php now looks like:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
header("Location: index.php");
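This should be enough to "log out" the user.
I created a small version with your code snippets and tried it on my localhost, just as Roljhon did.
Everything seems to work fine. I think something may be wrong in other code or in your server configuration. I can't say.
If it helps, use the following code to test: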
loginForm.php
<?php
Header("Cache-Control: max-age=3000, must-revalidate");
//include("header.php");
?>
<div class="container">
<form class="form-signin" action="login.php" method="post">
<input type="email" name = "uname_restaurant" id="inputEmail" class="form-control" placeholder="Email" required autofocus>
<input type="password" name = "hpass_restaurant" id="inputPassword" class="form-control" placeholder="Password" required>
<button class="btn btn-lg btn-success btn-block" type="submit">Sign in</button>
</form>
</div>
login.php
<?php
session_start();
if (isset($_POST['uname_restaurant']))
{
$username = $_POST['uname_restaurant'];
$hpassword = password_hash($_POST['hpass_restaurant'], PASSWORD_DEFAULT);
$_SESSION['loggedIn'] = "restaurant";
}
var_dump($_SESSION);
die("Location: dashboard.php");
dashboard.php
<?php
session_start();
//include("header.php");
if (isset($_SESSION['loggedIn']))
{
switch ($_SESSION['loggedIn'])
{
case "admin":
die("admin_dashboard.php");
break;
case "driver":
die("driver_dashboard.php");
break;
case "restaurant":
die("restaurant_dashboard.php");
break;
}
}
else
{
die("Location: index.php");
}
logout.php
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
die("Location: index.php");