我有一个带有会话的登录脚本,但我的问题是,当用户登录了几分钟后,他们会因某种原因自动注销。
这是我正在使用的完整登录脚本:
class session {
// Start the session
function sec_session_start() {
$session_name = 'nopedotjava'; // Set a custom session name
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
ini_set('session.cookie_lifetime', 60 * 60 * 24 * 7);
ini_set('session.gc_maxlifetime', 60 * 60 * 24 * 7);
ini_set('session.save_path', '/customers/7/7/e/****.com/httpd.www/jobb/sessions');
$cookieParams = session_get_cookie_params(); // Gets current cookies params.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the php session
session_regenerate_id(true); // regenerated the session, delete the old one.
echo $cookieParams['lifetime'];
}
// Login Function
function login($username, $password, $mysqli) {
// Using prepared Statements means that SQL injection is not possible.
$stmt = $mysqli->stmt_init();
if ($stmt->prepare("SELECT id, password FROM workers WHERE username = ? LIMIT 1")) {
$stmt->bind_param('s', $username); // Bind "$username" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
$stmt->bind_result($uid, $db_password); // get variables from result.
$stmt->fetch();
$key = "*************************************";
$newPassword = pass_decrypt($db_password, $key); // encode password
if($stmt->num_rows == 1) { // If the user exists
if($newPassword == $password) { // Check if the password in the database matches the password the user submitted.
// Password is correct!
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
$uid = preg_replace("/[^0-9]+/", "", $uid); // XSS protection as we might print this value
$_SESSION['uid'] = $uid;
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('sha512', $db_password.$user_browser);
// Login successful.
return true;
}
else{
// Password is not correct
// We record this attempt in the database
return false;
}
}
}
else {
// User do not exist
return false;
}
}
// Check if a user is logged in or not.
function login_check($mysqli) {
// Check if all session variables are set
if(isset($_SESSION['uid'], $_SESSION['username'], $_SESSION['login_string'])) {
$uid = $_SESSION['uid'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
$stmt = $mysqli->stmt_init();
if ($stmt->prepare("SELECT password FROM workers WHERE id = ? LIMIT 1")) {
$stmt->bind_param('i', $uid); // Bind "$uid" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
if($stmt->num_rows == 1) { // If the user exists
$stmt->bind_result($password); // get variables from result.
$stmt->fetch();
$login_check = hash('sha512', $password.$user_browser);
if($login_check == $login_string) {
// Logged In!!!!
return true;
}
else{
// Not logged in
return false;
}
}
else{
// Not logged in
return false;
}
}
else{
// Not logged in
return false;
}
}
else{
// Not logged in
return false;
}
}
}
正如您所看到的,我已经更改了ini设置,因此cookie和会话生命周期很长。 session.gc_probability / session.gc_divisor是1/1000。 任何线索为什么会发生这种情况?提前谢谢!