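I have a login web page where the user logs in. The page then redirects to a temporary page such as loginvalidate.php. This page saves the user data in the session and forwards the request to the index.php page, which contains some user data and also has a logout button that redirects to login.php.
In short: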
login.php - For user to enter username and password
loginvalidate.php - Session values are initialized
index.php - Dashboard page with logout button
Here are my pages:
login.php
<!DOCTYPE html>
<?php
//session_unset();
session_destroy();
$_SESSION = array();
$authError='false';
if($_GET['AuthCheck']=='failed'){
    $authError='true';
}
if($_GET['Expired']=='true'){
    $sessionexpire='true';
}
//print_r ($_SESSION);
foreach($_SESSION as $key => $val)
{
    unset($_SESSION[$key]);
}
//unset($_SESSION["InfraUser"]);
//unset($_SESSION["InfraPassword"]);
$_SESSION["InfraUser"]='';
$_SESSION["InfraPassword"]='';
$_SESSION = NULL;
print_r($_SESSION);
?>
<html >
<head>
<meta charset="UTF-8">
<title>One click Infra</title>
<link rel="stylesheet" href="loginstyle/css/style.css">
</head>
<body>
<html>
<html>
<head>
<meta charset="UTF-8">
<title>Login Form</title>
<script src="loginstyle/js/prefixfree.min.js"></script>
</head>
<body>
<div id="logo">
<h1><i> One Click Infra</i></h1>
</div>
<section class="stark-login">
<form action="loginvalidate.php" method="post">
<?php if($authError=='true'){ ?>
<div id="fade-box">
<p>Authentication Failed. Please Login Again</p>
</div>
<?php }
else if ($sessionexpire=='true'){ ?>
<div id="fade-box">
<p>Session Expired. Please Login Again</p>
</div>
<?php }?>
<div id="fade-box">
<input type="text" name="username" class="form-control" placeholder="Username" required="" />
<input type="password" name="userpassword" class="form-control" placeholder="Password" required="" />
<div hidden>
<input type="text" name="authorize" class="form-control" placeholder="Authorize" value="on"/>
</div>
<button>Log In</button>
</div>
</form>
<div class="hexagons">
<img src="http://i34.photobucket.com/albums/d133/RavenLionheart/NX-Desktop-BG.png" height="768px" width="1366px"/>
</div>
</section>
<div id="circle1">
<div id="inner-cirlce1">
<h2> </h2>
</div>
</div>
<ul>
<li></li>
<li></li>
<li></li>
<li></li>
<li></li>
</ul>
<script src='http://codepen.io/assets/libs/fullpage/jquery.js'></script>
<script src="loginstyle/js/index.js"></script>
</body>
</html>
<script src="loginstyle/js/index.js"></script>
</body>
</html>
loginvalidate.php
<?php
session_start();
$User = $_POST["username"];
$Password = $_POST["userpassword"];
include('/opt/lampp/htdocs/oneclickinfra/Net/SSH2.php');
$ssh = new Net_SSH2('10.41.66.73');
if (!$ssh->login('centos', 'centos')) {
    exit('OCI Server Is Down. Please send mail to performance@snapdeal.com');
}
/////////////////////////////////////////////////////////////////////////////////////////////
if ($_POST['authorize']){
    $command0 = 'curl --request POST "http://gitlab.snapdeal.com/api/v3/session?login='.$User.'&password='.$Password.'"';
    $req_data0 = $ssh->exec($command0);
    if (strpos($req_data0,'Unauthorized')!==false){
        header("Location: login.php?AuthCheck=failed");
    }
    else{
        $_SESSION["InfraUser"] = $User;
        $_SESSION["InfraPassword"] = $Password;
        print 'Data here is: '.$_SESSION["InfraUser"].' and '.$_SESSION["InfraPassword"];
        //sleep(10);
        header("Location: index.php");
    }
}
////////////////////////////////////////////////////////////////////////////////////////////
?>
Part of index.php:
<?php
session_start();
$User = '';
$Password = '';
print_r($_SESSION);
if(!isset($_SESSION['InfraUser'])){
//if($_SESSION['InfraUser']===''){
    header("Location: login.php?AuthCheck=failed");
}
else{
    $User = $_SESSION["InfraUser"];
    $Password = $_SESSION["InfraPassword"];
}
//////////////////////////////////// Maintains Session Only for 30 Minutes ///////////////////////
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 3600)) {
    // last request was more than 30 minutes ago
    //session_unset(); // unset $_SESSION variable for the run-time
    //session_destroy(); // destroy session data in storage
    header("Location: login.php?Expired=true");
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
//////////////////////////////////////////////////////////////////////////////////////////////////
$chefApiFetchAuthCheck = $_GET["chefApiFlavorFetchAuthenticationError"];
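The problem is that when I press logout, it redirects to the login.php page, which clears all the session variables, as I get no data when I print the session array on the login.php page. But when I enter index.php directly in the browser, I can still get the user's session values.
Please help me redirect the user to the login page if the user enters index.php directly after logging out.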
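Answer 0 (score: 2)
You should die() after header("Location: login.php?Expired=true"); because $_SESSION['LAST_ACTIVITY'] is still being set even when you are redirected.
As for the error you are getting, you can only destroy an existing, running session. But it seems @avenged_badger beat me to the punch on that one.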
Answer 1 (score: 2)
You need to call session_start() at the beginning of login.php. That is why you are not seeing the $_SESSION variables and why they are not being reset.
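The two answers combined, as an added example that is not code from the question or from either answer: logout starts the session before destroying it, and the guard for index.php stops execution after the redirect. The function names, IDLE_LIMIT and its value of 1800 seconds are assumptions; the session keys are the ones used in the question.

```php
<?php
// Added example, not the poster's code. InfraUser and LAST_ACTIVITY come from
// the question; function names and IDLE_LIMIT are hypothetical.
const IDLE_LIMIT = 1800; // assumed: the "30 minutes" the question's comment names

// Logout for login.php: session_destroy() needs a session started in this request.
function end_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];                        // clear the in-memory data
    if (ini_get('session.use_cookies')) {  // expire the browser's session cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                     // delete the server-side session data
}

// Returns the redirect target, or null when the session may continue.
function check_session(array &$session, int $now): ?string {
    if (!isset($session['InfraUser']) || $session['InfraUser'] === '') {
        return 'login.php?AuthCheck=failed';
    }
    if (isset($session['LAST_ACTIVITY']) && $now - $session['LAST_ACTIVITY'] > IDLE_LIMIT) {
        return 'login.php?Expired=true';
    }
    $session['LAST_ACTIVITY'] = $now;      // refreshed only for a valid session
    return null;
}

// Guard for the top of index.php, before any output.
function require_login(): void {
    session_start();
    $target = check_session($_SESSION, time());
    if ($target !== null) {
        end_session();
        header('Location: ' . $target);
        exit;                              // nothing below the redirect may run
    }
}
if (PHP_SAPI === 'cli') {                  // constructed session states, no web server needed
    $cases = ['logged out' => [], 'blank user' => ['InfraUser' => ''],
        'idle' => ['InfraUser' => 'alice', 'LAST_ACTIVITY' => 0],
        'active' => ['InfraUser' => 'alice', 'LAST_ACTIVITY' => 9000]];
    foreach ($cases as $name => $s) {
        echo $name, ' => ', check_session($s, 10000) ?? 'ok', PHP_EOL;
    }
}
```

In this layout login.php would call end_session() before any HTML is sent, and index.php would call require_login() as its first statement.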