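How to make PHP session variables persistent?

Time: 2016-05-14 01:02:29

Tags: php session

I noticed that including the following lines of PHP code to prevent session fixation or hijacking seems to cause session variables not to persist across pages.

My diagnostics show that if these lines of code are removed, the session variables are stored in the session file, which resolves the session variable persistence problem.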

<?php

if (!isset($_SESSION['login'])) 
{ 
   session_regenerate_id(true); 
   $_SESSION['login'] = 1; 
} 

// Additional layers of defense to prevent session hijacking

validate_session($_SERVER['SERVER_NAME']);

// These functions are used to defend against session hijacking

function validate_session($url)
{
    if (strpos($_SERVER['HTTP_REFERER'], $url) !== 0 ||
        isset($_GET['LOGOUT']) ||
        $_SERVER['REMOTE_ADDR'] !== $_SESSION['PREV_REMOTEADDR'] ||
        $_SERVER['HTTP_USER_AGENT'] !== $_SESSION['PREV_USERAGENT'])
      session_destroy();
    #time-out logic

    session_regenerate_id(true); // generate a new session identifier

    $_SESSION['PREV_USERAGENT'] = $_SERVER['HTTP_USER_AGENT'];
    $_SESSION['PREV_REMOTEADDR'] = $_SERVER['REMOTE_ADDR'];
}

?>

What can I change to make it work?

0 answers:

No answers
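
In the snippet from the question, the stored `PREV_*` values do not exist on the first request and `HTTP_REFERER` is a full URL, so `strpos()` of the host name never returns 0; every request therefore reaches `session_destroy()`, after which `$_SESSION` writes are no longer saved. The following is an added example, not part of the original post, showing one way to keep the same checks without closing the session; the function names `session_reject_reason` and `validate_session_checked` and the sample request values are hypothetical.

```php
<?php
// Added example, not the asker's code; function names are hypothetical.

// Returns why the session must be dropped, or null to keep it.
function session_reject_reason(array $session, array $server, string $host): ?string
{
    // First request of a session: nothing recorded yet, nothing to compare.
    if (!isset($session['PREV_USERAGENT'])) {
        return null;
    }
    if (($server['HTTP_USER_AGENT'] ?? '') !== $session['PREV_USERAGENT']) {
        return 'user-agent changed';
    }
    if (($server['REMOTE_ADDR'] ?? '') !== ($session['PREV_REMOTEADDR'] ?? '')) {
        return 'remote address changed';
    }
    // Referer is optional and is a full URL: compare its host component
    // rather than expecting the host name at string offset 0.
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer !== '' && parse_url($referer, PHP_URL_HOST) !== $host) {
        return 'cross-site referer';
    }
    return null;
}

function validate_session_checked(string $host): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (session_reject_reason($_SESSION, $_SERVER, $host) !== null) {
        // Clear the data but leave the session open; after session_destroy()
        // the session is closed and later $_SESSION writes are not saved.
        $_SESSION = [];
    }
    if (!isset($_SESSION['login'])) {
        session_regenerate_id(true); // rotate the ID once, not on every request
        $_SESSION['login'] = 1;
    }
    $_SESSION['PREV_USERAGENT'] = $_SERVER['HTTP_USER_AGENT'] ?? '';
    $_SESSION['PREV_REMOTEADDR'] = $_SERVER['REMOTE_ADDR'] ?? '';
}

// Constructed sample request data (not from the page).
$stored = ['PREV_USERAGENT' => 'UA/1.0', 'PREV_REMOTEADDR' => '203.0.113.7'];
$req = ['HTTP_USER_AGENT' => 'UA/1.0', 'REMOTE_ADDR' => '203.0.113.7',
        'HTTP_REFERER' => 'https://shop.example/cart.php'];
var_dump(session_reject_reason([], $req, 'shop.example'));
var_dump(session_reject_reason($stored, $req, 'shop.example'));
var_dump(session_reject_reason($stored, ['REMOTE_ADDR' => '198.51.100.9'] + $req, 'shop.example'));
```

Binding a session to `REMOTE_ADDR` also ends the session of any user whose address changes mid-session, such as on mobile networks or behind some proxies.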