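Session not working

Time: 2016-05-28 12:08:22

Tags: php session

Hello, I have created a login system, but for some reason it does not work. I start a session once logged in, and then check whether the session isset and whether the session is no more than 1 hour old:

This is my login script on index.php: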

<?php
require 'mysql.php';

if(isset($_SESSION["username"]) && time() - $_SESSION["CREATED"] > 3600){
    session_start();
    session_unset();
    session_destroy(); 

} 

if(isset($_SESSION["username"]) && time() - $_SESSION["CREATED"] < 3600){ 
    header('Location: main.php');
}



if (isset($_POST["login"])){

    $username = $_POST["username"];
    $password = $_POST["password"];

    $stmt = $connect->prepare("SELECT username, password FROM users WHERE username=? ");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $result = $stmt->get_result();
    $rowcount = $result->num_rows;
        if ($rowcount > 0){

                while ($row = $result->fetch_assoc()) {
                    if ($row["username"] == $username && $row["password"] == $password){

                        if(!isset($_SESSION)) {
                             session_start();
                        }
                            $_SESSION["username"] = $username;
                            $_SESSION["usertype"] = $row["usertype"];
                            $_SESSION["userid"] = $row["id"];
                            $_SESSION["CREATED"] = time();
                        header('Location: main.php');

                    } else {
                        $error_msg2 = "Username or password does not match";
                        $error2 = "error";
                    }
                }
        } else {
            $error_msg2 = "No such user";
            $error2 = "error";
        }

    echo $error_msg2;
    $stmt->close();
    $connect->close();

}

?>

This is the main.php code:

if(isset($_SESSION["username"]) && time() - $_SESSION["CREATED"] > 3600){
    session_start();
    session_unset();
    session_destroy(); 
     header('Location: index.php');
} 

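So once you log in you are redirected to main.php, and if the session is set you should not be able to access index.php, because if you try and the session has not expired you will be redirected back to main.php. The same goes for main.php: if the session has expired, you will be redirected back to index.php to log in. But whether you are logged in or not, you can move freely between them.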

3 answers:

Answer 0 (score: 1)

You must call session_start() before you can use $_SESSION.

<?php
require 'mysql.php';
session_start();

if(isset($_SESSION["username"]) && time() - $_SESSION["CREATED"] > 3600){

    session_unset();
    session_destroy(); 
} 

Answer 1 (score: 1)

I have a suggestion. Create a session validation function.

function sessionValidate($username,$id=NULL)
{
    $status = session_status();

    if($status == PHP_SESSION_NONE)
    {
        //There is no active session
        session_start();
    }


    if(!isset($_SESSION[$username]))
    {

        return false;
    }

    $id = $_SESSION[$roleid];

    if((time()- $_SESSION["created"]) >= 3600)
    {
        session_destroy();
        return false;
    }


    return $id;
}

And check it on every page, or use it in a header page.

if(!($userid=sessionValidate($username)))
{
    error_log("No session logging out ....");
    header('Location: index.php');
}

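Update:

Definition

session_status - Returns the current session status

Return values

PHP_SESSION_DISABLED - if sessions are disabled.

PHP_SESSION_NONE - if sessions are enabled, but none exists.

PHP_SESSION_ACTIVE - if sessions are enabled, and one exists.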

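Answer 2 (score: 1)

You should call session_start in any case - it populates $_SESSION with values. It is also enough to unset $_SESSION['username'], there is no need to destroy the whole session - PHP can take care of that. Here is code that should work:

index.php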

<?php
require 'mysql.php';

session_start();
if (isset($_SESSION['username'])) {
    if (time() - $_SESSION['CREATED'] < 3600) {
        header('Location: main.php');
        exit;
    }

    unset($_SESSION['username']);
}


if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $stmt = $connect->prepare('SELECT id, username, password, usertype FROM users WHERE username=? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $result = $stmt->get_result();
    $rowcount = $result->num_rows;

    if ($rowcount > 0) {
        $row = $result->fetch_assoc();

        if ($row['username'] == $username && $row['password'] == $password) {
            $_SESSION['username'] = $username;
            $_SESSION['usertype'] = $row['usertype'];
            $_SESSION['userid'] = $row['id'];
            $_SESSION['CREATED'] = time();

            header('Location: main.php');
            exit;
        } else {
            $error_msg2 = 'Username or password does not match';
            $error2 = 'error';
        }
    } else {
        $error_msg2 = 'No such user';
        $error2 = 'error';
    }

    echo $error_msg2;
    $stmt->close();
    $connect->close();
}

main.php

session_start();
if (!isset($_SESSION['username']) || time() - $_SESSION['CREATED'] > 3600){
    unset($_SESSION['username']);
    header('Location: index.php');
    exit;
}
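
Added example (not part of the question or of any answer): a session guard that combines the points made above, namely calling session_start() before any read of $_SESSION, applying the one-hour limit to CREATED, and exiting after each redirect. The function names and SESSION_MAX_AGE are assumptions of this example; the session keys are the ones used in the question, and the sample sessions at the end are constructed.

```php
<?php
declare(strict_types=1);

const SESSION_MAX_AGE = 3600; // the one-hour limit used on this page

// Start the session before any read of $_SESSION. Until session_start()
// runs, the superglobal is not populated and every isset() on it is false.
function ensure_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

// True only for a logged-in session whose login is under an hour old.
function session_is_valid(array $session, int $now): bool
{
    return isset($session['username'], $session['CREATED'])
        && ($now - (int) $session['CREATED']) < SESSION_MAX_AGE;
}

// Call once the submitted credentials have been verified.
function log_in(string $username, int $userId): void
{
    ensure_session();
    session_regenerate_id(true); // fresh ID, so a pre-login ID is not carried over
    $_SESSION['username'] = $username;
    $_SESSION['userid']   = $userId;
    $_SESSION['CREATED']  = time();
}

// Guard for protected pages such as main.php.
function require_login(string $loginPage = 'index.php'): void
{
    ensure_session();
    if (!session_is_valid($_SESSION, time())) {
        $_SESSION = [];
        session_destroy();
        header('Location: ' . $loginPage);
        exit; // header() alone does not stop the script
    }
}

if (PHP_SAPI === 'cli') {
    $now = 1464437302; // constructed timestamp and sessions for a dry run
    var_dump(session_is_valid(['username' => 'alice', 'CREATED' => $now - 60], $now));
    var_dump(session_is_valid(['username' => 'alice', 'CREATED' => $now - 7200], $now));
    var_dump(session_is_valid([], $now));
}
```

In this layout index.php would call log_in() after the password check succeeds and then redirect, and main.php would call require_login() as its first statement.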