PHP $ _SESSION和$ _COOKIE不在页面重定向之间保存

时间:2016-09-21 22:49:06

标签: php html mysql security session

我在GoDaddy上托管了一个网站(也许这是问题的一部分?)我正在尝试使用$ _SESSION创建一个登录系统。但是,页面重定向后变量不会停留。在登录页面上,代码为:

session_set_cookie_params(0, "/");
session_start();
include 'hidden/config.php';
require 'hidden/password.php';

$error = "";

if($_SERVER["REQUEST_METHOD"] == "POST") {

    $myusername = mysql_real_escape_string($_POST['username']);
    $mypassword = mysql_real_escape_string($_POST['password']);

    $sql = "SELECT password FROM ns_users WHERE username = '$myusername'";
    $storedpw = mysql_query($sql);
    $row = mysql_fetch_array($storedpw);

    $count = mysql_num_rows($storedpw);

    if($count == 1) {
        if (password_verify($mypassword, $row['password'])) {

            $_SESSION["loginuser"] = $myusername;
            echo "<script type='text/javascript'>window.top.location='account.php';</script>"; exit();

        } else {
            $error = "Invalid username or password";
        }
    }else{
        $error = "Invalid username or password";
    }
}

config.php具有数据库连接。以及account.php页面中包含的session.php代码:

session_set_cookie_params(0, "/"); 
include 'hidden/config.php';
session_start();

if(!isset($_SESSION["loginuser"])){
    echo "<script type='text/javascript'>window.top.location='login.php';</script>"; exit();
}else{
    $username = $_SESSION["loginuser"];
    $sql = "SELECT * FROM ns_users WHERE username='$username';";
    $userinfo = mysql_query($sql);
    $row = mysql_fetch_array($userinfo);
    $user_id = $row['id'];
    $user_firstname = $row['firstname'];
    $user_lastname = $row['lastname'];
    $user_email = $row['email'];
    $user_signupdate = $row['signup_date'];
}

我提交登录后,它会重定向到account.php,然后将我发回登录,这意味着重定向后$ _SESSION变量不会停留。但是,我知道它们已被设置,因为如果我取出重定向并在login.php上添加echo $_SESSION["loginuser'];,我可以检索它们的值。

0 个答案:

没有答案