为什么我的会话变量不跨站点工作?
我显然是在我的代码中设置它们,否则登录时管理员不会重定向到管理页面。
如果有人对这个问题有什么建议,为什么$ _SESSION vars没有保存等我会很感激。
使用IIS 7和FastCGI,php.ini是默认值。
代码示例:
<?php session_start();
/* Include database config file. */
include("db_config.php");
/* If POST request do code. */
if ($_SERVER['REQUEST_METHOD']=='POST')
{
/* Set variables for form fields. */
$username=$_POST["username"];
$password=$_POST["password"];
/* Queries on login. */
$query_params=array($username,$password);
$query="SELECT * FROM users WHERE username=? AND password=?";
$qresults=sqlsrv_query($dbconnect,$query,$query_params);
$permission_q="SELECT permission FROM users WHERE username=? AND password=?";
$permission_qr=sqlsrv_query($dbconnect,$permission_q,$query_params);
$firstname_q="SELECT firstname FROM users WHERE username=? AND password=?";
$firstname_qr=sqlsrv_query($dbconnect,$firstname_q,$query_params);
$lastname_q="SELECT lastname FROM users WHERE username=? AND password=?";
$lastname_qr=sqlsrv_query($dbconnect,$lastname_q,$query_params);
/* If any queries fail then kill script. */
if(sqlsrv_fetch($firstname_qr)===false)
{
die("Firstname couldn't be verified, terminated connection.");
}
$firstname=sqlsrv_get_field($firstname_qr,0);
if(sqlsrv_fetch($lastname_qr)===false)
{
die("Lastname couldn't be verified, terminated connection.");
}
$lastname=sqlsrv_get_field($lastname_qr,0);
if(sqlsrv_fetch($permission_qr)===false)
{
die("Permissions could not be verified, terminating connection.");
}
$permissions=sqlsrv_get_field($permission_qr,0);
/* If the username and password query results exist then do code. */
if(isset($qresults))
{
/* Number of rows is fetch array of username and pass results. */
$num_rows=sqlsrv_fetch_array($qresults,SQLSRV_FETCH_NUMERIC);
/* If rows is not null or is set then do code. */
if($num_rows!=null)
{
$_SESSION['username']=$username;
$_SESSION['firstname']=$firstname;
$_SESSION['lastname']=$lastname;
$_SESSION['permissions']=$permissions;
/* If permissions is equivelant to admin send to admin page. */
if($_SESSION['permissions']==="admin")
{
session_write_close();
echo '<meta http-equiv="refresh" content="0; url=./content/admin_dash.php">';
die();
//endif
}
else
{
session_write_close();
echo '<meta http-equiv="refresh" content="0; url=./content/user_dash.php">';
die();
//endelse
}
//endif
}
else
{
//elseif num_rows not true
echo "Invalid Login.<br/>Your credentials did not match or there was an error.<br/>";
$_SESSION['username'] = '';
if(sqlsrv_errors(SQLSRV_ERR_ALL)==null)
{
echo "No errors detected.";
//endif
}
else
{
echo "Errors detected:<br/>";
print_r( sqlsrv_errors(SQLSRV_ERR_ALL));
//endelse
}
//endelse
}
//endif
}
else
{
die("Error with query. Contact your system admin.");
//endelse
}
//endif
}
else
{
die("Request was not POST. Please use login page.");
//endelse
}
?>
答案 0 :(得分:3)
因为这不是会话(通常)的工作方式。会话cookie只存储会话ID。 会话中的实际信息仅存储在服务器上。
答案 1 :(得分:0)
cookie只允许PHP查找存储在Web服务器上的会话变量(作为文件或数据库)。它增加了额外的安全性,因为人们无法嗅探数据值,也不需要cookie变得很长。
答案 2 :(得分:0)
如前所述,会话cookie仅存储会话ID。
如果您要保存到包含自定义内容的Cookie,请参阅此帖子。 http://davidwalsh.name/php-cookies
答案 3 :(得分:0)
我发现了问题,C:\ Windows \ Temp文件夹权限尚未设置为从IIS_IUSRS用户接受,从而阻止IIS保存Temp文件夹中的任何内容,包括会话。