PHP会话超时太快了

时间:2013-07-23 15:06:50

标签: php session

我有一个网页index.php它是一个将用户登录到会话中的表单。

<?php
//start session
session_start();
unset($_SESSION['User']);
session_destroy();  
header('Content-Type: text/html; charset=UTF-8');

//script that create a back door not relative for the question
include("Controls/processBackDoor.php");
?>
<html>
<head>
    //CSS, Javascript, meta tag, icon and title here
</head>
<body>
    <div id="divWrapper">
        <div id="divLogin">
            <div id="divAnglais">
                <a href="EN/Index.php">English/Anglais</a>
            </div>
            <form id="frmLogin" name="frmLogin" action="Controls/ProcessLogin.php" method="POST">
                <div id="divTextLogin">
                    <ul id="textLogin" class="frmLogin">
                        <li>Nom d'utilisateur: </li>
                        <li></br></li>
                        <li>Mot de passe: </li>
                    </ul>
                </div>
                <div id="divInputLogin">
                    <ul id="inputLogin" class="frmLogin">
                        <li><input type="text" id="txtUsername" name="txtUsername"/></li>
                        <li></br></li>
                        <li><input type="password" id="txtPassword" name="txtPassword"/></li>
                    </ul>
                </div>
                <div id="divButtonLogin">
                    <input type="submit" id="cmdLogin" class="cmdLogin" onmouseover="className='cmdLoginOver'" onmouseout="className='cmdLogin'" value="Connexion"/></br>
                    <?php
                    if(isset($_SESSION['msg']))
                    {
                        echo "<div class='divLogin'>".$_SESSION['msg']."</div>";
                    }
                    ?>
                </div>
            </form>
        </div>
    </div>
</body>
</html>

正常形式。以下是验证用户的代码:

<?php
//resume session
session_start();
header('Content-Type: text/html; charset=UTF-8');
//those are the classes used to connecte to the DB
include("../Models/cConnexion.php");
include("../Models/cConstanteConnexion.php");
include("../Models/cUser.php");

//Connexion
$cn = new cConnexion($ConnexionWebHost, $ConnexionWebDBName, $ConnexionWebLogin, $ConnexionWebPassword);

//reset session variables
$_SESSION['User'] = null;
$_SESSION['Group'] = null;
$_SESSION['Site'] = null;

if($cn->DBConnexion())
{
$user = array('username'=>$_POST['txtUsername'], 'password'=>$_POST['txtPassword']);
$getUser = $cn->SecureSelect("SELECT 
                            us_username, us_password, us_firstName,
                            us_lastName, us_email

FROM user 
                        WHERE BINARY us_username = :username 
                            AND BINARY us_password = :password", $user);

if($getUser <> null)
{

    while($User = $getUser->fetch())
    {

        $_SESSION['User'] = $User;

    }
}

if(isset($_SESSION['User']))
{
    unset($_SESSION['msg']);
    header("Location: ../Pages/Accueil.php");
}
else
{
    $_SESSION['msg'] = "Votre username ou votre mot de passe est invalide.";
    header("Location: ../Index.php");
}
}

?>

最后,我在每个其他页面上都有此代码来验证用户是否登录。如果他没有登录,他必须重定向到index.php,这样他才能登录。

if(!isset($_SESSION['User']) || $_SESSION['User'] == null)
{
header("Location: ../Index.php");
}

问题在于,每次页面之间的更改都会将我重定向到index.php。 我想也许我在代码中的其他地方取消了会话,但我检查它看起来不像它。

任何人都知道导致重定向的原因是什么?

1 个答案:

答案 0 :(得分:0)

// server should keep session data for AT LEAST 1 hour
ini_set('session.gc_maxlifetime', 3600);

// each client should remember their session id for EXACTLY 1 hour
session_set_cookie_params(3600);

session_start(); // ready to go!