PHP session data lost after submitting a form, but only in production; works in the test environment

Time: 2013-04-04 23:55:16

Tags: php session http-post session-variables captcha

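So I have a test environment that I'm developing in and a production environment that I'll eventually deploy the code to. The code I have now works in my test environment but not in my production environment. So this seems to be an environment issue, but if it is, I don't know which setting to change.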

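Right now I'm trying to test a short contact page that contains a short form and a captcha image. The contact page sets a session variable containing the security_code displayed in the captcha image, so that on the next page, called contactSanitize, I can read that variable from the session and verify that the user entered the correct code.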

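Again, this works fine in the test environment. In production, however, I can fill out the form and submit it, at which point the session data is lost and the contactSanitize page sends me back to the contact page because it doesn't see the code I entered.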

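I don't have a session_destroy call anywhere in these pages, and I'm not accidentally setting the $_SESSION variable to an empty array or anything else (I double- and triple-checked; it also works in the test environment, so it can't be that).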

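Below are snippets from my logs. Each line contains a timestamp and, if available, the session ID, along with my comments. You can see that contactSanitize does in fact have the same session ID; it's just that the session itself is empty for some reason.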

This is the contact.php page:

DEBUG  2013-04-04 18:23:07 (varsAndSecurityCheck.php:74) Page requires security, checking to see if authenticated user.
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:07 (varsAndSecurityCheck.php:82) authenticated = false
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (contact.php:130) just before security image
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (contact.php:134) invoking security image functions
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (CaptchaSecurityImages.php:42) code: hwjdtvw7
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (contact.php:137) after security image functions, SESSION: Array
(
    [security_code] => hwjdtvw7
)
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (contact.php:152) Just after security image

I now submit the form and go to contactSanitize.php to validate the user input:

DEBUG  2013-04-04 18:23:24 (varsAndSecurityCheck.php:74) Page requires security, checking to see if authenticated user.
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:24 (varsAndSecurityCheck.php:82) authenticated = false
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:26 (contactSanitize.php:8) SESSION: Array
(
)

As you can see, the session is empty, so validation fails:

DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:26 (contactSanitize.php:26) No security code and not authenticated, sending to contact page.
DEBUG  2013-04-04 18:23:26 (varsAndSecurityCheck.php:74) Page requires security, checking to see if authenticated user.
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:26 (varsAndSecurityCheck.php:82) authenticated = false

I'm sent back to the contact.php page, where a new security code is generated:

DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (contact.php:130) just before security image
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (contact.php:134) invoking security image functions
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (CaptchaSecurityImages.php:42) code: xb66q6jy
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (contact.php:137) after security image functions, SESSION: Array
(
    [security_code] => xb66q6jy
)
DEBUG c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (contact.php:152) Just after security image

Edit

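I added some extra logging to show that the session_start call happens at the beginning of both pages. The following lines now appear at the start of the contact and contactSanitize pages: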

DEBUG  2013-04-04 19:26:15 (varsAndSecurityCheck.php:74) Page requires security, checking to see if authenticated user.
DEBUG  2013-04-04 19:26:15 (varsAndSecurityCheck.php:78) page is secure, starting session now.

Here is a small snippet from varsAndSecurityCheck.php showing where the "starting session" log line comes from:

$log->debug("page is secure, starting session now.");
session_start();

Here are the relevant parts of my code from contact.php:

<?php
    ...
    //session is started by this first include when secure connection is verified
    include_once "../includes/varsAndSecurityCheck.php";
    //this just connects to my database, no session manipulation here
    include_once "../includes/dbConnect.php";
    //this includes some functions for generating a captcha image
    include_once "../captcha/CaptchaSecurityImages.php";

    //this is just including some basic styling and navigation  
    include '../includes/header.php';
?>
...
    <form method="post" action="contactSanitize.php">
    ...
            $log->debug("just before security image");
        ?>
            <div class="centerText">
                <?php
                    $log->debug("invoking security image functions");
                    $_SESSION['security_code'] = generateCode(8);
                    $log->debug("after security image functions, SESSION: ".print_r($_SESSION,true));
                ?>  
                <?=captchaSecurityImages($_SESSION['security_code'],320,70)?>

            </div>
            ...
            <div class="centerText">
                <input id="security_code" name="security_code" type="text" maxlength="8" />
                <br><br>
                <input type="submit" name="submit" value="Send Message" class='generalFormButton' />
            </div>
        <?php
            $log->debug("Just after security image");
        }

        ?>

Here is the first part of my contactSanitize page; you can see that it fails at the first condition:

<?php

//this starts the session when secure connection is made
include_once "../includes/varsAndSecurityCheck.php";
//This connects to database, no session manipulation here
include_once "../includes/dbConnect.php";
//This includes some e-mail functions, no session manipulation
include_once '../includes/mail.php';

$log->debug("SESSION: ".print_r($_SESSION,true));


$_SESSION['formData'] = array('visitor_name' => $_POST['visitor_name'],
                'visitor_email' => $_POST['visitor_email'],
                'ReasonForContacting' => $_POST['ReasonForContacting'],
                'message_body' => $_POST['message_body']
            );

if(!isset($_SESSION['security_code']) && !$authenticated)
{
    $log->debug("No security code and not authenticated, sending to contact page.");
    $_SESSION['contactError'] = "You must type the security code before sending a message.";
    header("Location: contact.php");
    exit();
}
...

1 Answer:

Answer 0: (score: 0)

As per my last comment, the "session save path" was not set correctly, and my hosting provider has now corrected it.
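
The answer above attributes the empty session to a misconfigured session save path. The following diagnostic is an added example, not code from the question or the answer: it reports the configured handler and path and checks whether a value written to the session survives closing and reopening it. It assumes PHP 7 or later; the function name `checkSessionStorage` and the session name `SESSPROBE` are made up for illustration.

```php
<?php
// Added diagnostic, not the asker's code. Assumes PHP 7+.
// checkSessionStorage() and the session name SESSPROBE are hypothetical names.
function checkSessionStorage(): array
{
    $report = [
        'handler'   => ini_get('session.save_handler'),
        'save_path' => session_save_path(),
    ];

    if ($report['handler'] === 'files') {
        // save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
        $parts = explode(';', $report['save_path']);
        $dir = end($parts);
        if ($dir === '') {
            $dir = sys_get_temp_dir(); // the files handler falls back to the temp dir
        }
        $report['dir']      = $dir;
        $report['exists']   = is_dir($dir);
        $report['writable'] = is_writable($dir);
    }

    // Round trip: write a marker, close, reopen the same session ID, read it back.
    session_name('SESSPROBE'); // separate cookie, so a visitor's real session is untouched
    $marker = bin2hex(random_bytes(8));
    $report['first_start'] = session_start();
    $id = session_id();
    $_SESSION['probe'] = $marker;
    session_write_close();
    $_SESSION = [];
    if ($id !== '') {
        session_id($id);
    }
    $report['second_start'] = session_start();
    $report['round_trip'] = (($_SESSION['probe'] ?? null) === $marker);
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
    return $report;
}

$report = checkSessionStorage();
if (!headers_sent()) {
    header('Content-Type: text/plain');
}
foreach ($report as $key => $value) {
    echo $key, ': ', var_export($value, true), "\n";
}
```

A `round_trip` of `false` together with `exists` or `writable` being `false` reproduces the symptom in the logs above: the session ID is stable, but nothing written to `$_SESSION` is there on the next request.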