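Session variables reset on page refresh (user gets logged out)

Time: 2013-03-14 17:10:01

Tags: php authentication session-variables

I am using a PHP authentication system to log users in. Logging users in works fine; however, on refreshing the page (on any page) the session variables reset and the user is "logged out". I am using session_start() on every page. I have the files auth.php and authenticate.php to log in and validate the user. This is a frustrating issue, and any help would be appreciated. I will give you the code here: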

auth.php:

<?php
function credentials_valid($email, $password) {
    $email = mysql_real_escape_string($email);
    $query = "SELECT `id`, `salt`, `password` 
              FROM `#######` 
              WHERE `email` = '$email' ";

    $result = mysql_query($query);
    if(mysql_num_rows($result)) {
        $user = mysql_fetch_assoc($result);

        $password_requested = sha1($user['salt'] . $password);
        if($password_requested === $user['password'])   {
            return $user['id'];
        }
    }
    return false;
}

//logs into the user $user
function log_in($user_id){
    $_SESSION['user_id'] = $user_id;

}

//Returns the currently logged in user (if any)
function current_user(){
    static $current_user;
    if(!$current_user) {
        if($_SESSION['user_id']){
            $user_id = intval($_SESSION['user_id']);
            $query = "SELECT * 
                         FROM `#######` 
                         WHERE `id` = $user_id";

            $result = mysql_query($query);
            if(mysql_num_rows($result)){
                $current_user = mysql_fetch_assoc($result);
                return $current_user;
            }
        }
    }
    return $current_user;
}


//Requires a current user
function require_login() {
    if(!current_user()){
        $_SESSION['redirect_to'] = $_SERVER["REQUEST_URI"];
        header("Location: index.php");
        exit("You must log in.");
    }
}

?>

authenticate.php:

<?php
session_start();
require_once "database.php";
db_connect();
require_once "auth.php";


$user_id = credentials_valid($_POST['username'], $_POST['password']);
if($user_id){
    log_in($user_id);

    if($_SESSION['redirect_to']){
        header("Location: " . $_SESSION['redirect_to']);
        unset($_SESSION['redirect_to']);

    }else{
        header("Location: index.php");          
    }

}else{
        header("Location: login.php?error=1");
        exit("You are being redirected");       
}

?>

On one of the pages where my user is logged in, I have this in the PHP header:

<?php

    session_start();
    require_once "database.php";
    db_connect();
    require_once "auth.php";

    $current_user = current_user();

if(isset($_GET["logout"]) && $_GET["logout"]==1)
    {
        //User clicked logout button, destroy all session variables.
        session_destroy();
        header('Location: '.$return_url);
    }
?>

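The system is erratic. Sometimes, if I refresh the page right after logging in, the session variables are destroyed immediately. Other times, the user stays logged in through several consecutive refreshes. Please let me know what problems you see. Thanks!

1 Answer:

Answer 0: (score: 2)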

Note the importance of using session_start() on every page of your PHP code; from your code, it seems that some pages do not contain session_start();

Another thing about your code:

    header("Location: " . $_SESSION['redirect_to']);
    unset($_SESSION['redirect_to']);

You must change your code to:

    $a = $_SESSION['redirect_to'];
    unset($_SESSION['redirect_to']);
    header("Location: " . $a);
    exit();

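Unsetting after the redirect is not recommended, and you must also exit the previous process, as it sometimes keeps running in the background. It is not recommended to do anything after the header command.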
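
The ordering the answer recommends (read the target, unset it, redirect, then exit), as an added example that is not part of the original question or answer. The helper names `safe_redirect_target`, `finish_login` and `finish_logout` are hypothetical; the local-path check and the `session_regenerate_id()` and `session_write_close()` calls are additions beyond what the answer states. It assumes `session_start()` has already run and that `index.php` is an acceptable default landing page.

```php
<?php
// Added example; function names are hypothetical, not from the original post.

// Accept only a same-site absolute path such as "/page.php?x=1".
// Anything else (empty, "//host", backslashes, control characters) falls back.
function safe_redirect_target(?string $target, string $fallback = 'index.php'): string {
    if ($target === null || $target === '') {
        return $fallback;
    }
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $target)) {
        return $fallback;               // control chars or backslash
    }
    if ($target[0] !== '/' || (isset($target[1]) && $target[1] === '/')) {
        return $fallback;               // not a local path, or protocol-relative
    }
    return $target;
}

// Call after credentials have been verified and session_start() has run.
function finish_login(int $user_id): void {
    session_regenerate_id(true);        // issue a fresh session id at login
    $_SESSION['user_id'] = $user_id;

    // Read the target first, then unset it, then redirect (the answer's order).
    $target = safe_redirect_target($_SESSION['redirect_to'] ?? null);
    unset($_SESSION['redirect_to']);

    session_write_close();              // write session data before the redirect
    header('Location: ' . $target);
    exit;                               // nothing may run after the header
}

// Logout: clear the data, destroy the session, redirect, and stop.
// The default return URL is an assumption; the post does not define $return_url.
function finish_logout(string $return_url = 'index.php'): void {
    $_SESSION = [];
    session_destroy();
    header('Location: ' . $return_url);
    exit;
}
```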