我正在创建一个简单的oauth网站。
在index.php:
<?php
session_start();
if (empty($_SESSION['authentication']))
$_SESSION['authentication'] = 'pending';
?>
<html>
<form action="oauth.php" method="post">
<span>
<?php
echo $_SESSION['authentication'];
?>
</span>
<input type="hidden" name="action" value="authenticate">
<input type="submit" value="authenticate">
</form>
</html>
在oauth.php:
<?php
session_start();
if (isset($_POST['action']) and $_POST['action'] == 'authenticate') {
$url = $serverAuth ... ;
header('Location: ' . $url); //google oauth, it will come back to oauth.php
exit();
}
if (isset($_GET['code'])) {
$ch = curl_init($serverToken);
$result = curl_exec($ch);
$tokens = json_decode($result, true);
if (isset($tokens['access_token'])) {
$_SESSION['authentication'] = 'good';
$_SESSION['access_token'] = $tokens['access_token'];
} else {
$_SESSION['authentication'] = 'error';
}
header('Location: ./');
exit();
}
if (isset($_GET['error'])) {
if ($_GET['error'] == 'access_denied')
$_SESSION['authentication'] = 'denied';
else
$_SESSION['authentication'] = 'error';
header('Location: ./');
exit();
}
?>
我想让网站像:默认情况下,$_SESSION['authentication']是“待定”;当我刷新页面时,每个会话变量都消失了,$_SESSION['authentication']重置为默认值。但我无法在$_SESSION开头重置index.php,因为oauth.php中的功能会header()重定向到此页面。
如何处理?
答案 0 :(得分:0)
您必须在需要访问$_SESSION 的每个网页上开始会话。仅在明确请求时销毁它,例如注销。