php session_start()忽略已创建的会话

时间:2017-01-05 19:46:14

标签: php session

我已经设置了一个本地网络服务器并放入了我一直在处理的项目(代码已经在运行)。

我看到的问题是session_start()忽略已经创建的会话并不断创建新会话(每次单击链接或刷新页面时都可以看到新文件),即使会话变量已写入进入文件。

sessions文件夹由http用户拥有(php-fpm配置中的默认用户)。

这是来自php.ini的会话配置:

session.save_handler = files
session.save_path = "/srv/http/sessions"
session.use_strict_mode = 1
session.use_cookies = 1
session.cookie_secure = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly = 1
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5

任何人都知道发生了什么事?

这是启动会话的功能:

public static function sec_session_start() {
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
        $session_error = 'Error: Cannot create new user session.';
        return $session_error;
    }
    else {
        $session_name   = 'session_id';
        $domain         = 'domain.com';
        $secure         = TRUE;
        $httpOnly       = TRUE;                         // prevents cookie theft

        // Get the current cookies params.
        $cookieParams = session_get_cookie_params();
        // Set the current cookies params.
        session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $domain, $secure, $httpOnly);

        // Sets the session name to the one set above.
        session_name($session_name);
        session_start();                                // Start the PHP session

        if (!isset($_SESSION['CREATED'])) {
            $_SESSION['CREATED'] = time();
        } else if ((time() - $_SESSION['CREATED']) > 1800) {
            // session started more than 30 minutes ago
            session_regenerate_id(TRUE);                // change session ID for the current session and invalidate old session ID
            $_SESSION['CREATED'] = time();              // update creation time
        }
/*
        $hasExpired = FALSE;

        if (isset($_SESSION['staff_id'], $_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY']) > 9999) {  // 300 (5 mins)
            // last request was more than 5 minutes ago
            $_SESSION = array();                        // unset $_SESSION variable for the run-time
            $params = session_get_cookie_params();      // Get session parameters
            setcookie(session_name(),                   // Delete the actual cookie
                      '',
                      time() - 3600,
                      $params["path"],
                      $params["domain"],
                      $params["secure"],
                      $params["httponly"]);
            session_destroy();                          // destroy session data in storage

            $hasExpired = TRUE;                         // now we know the user has lost his session for inactivity
        }

        $_SESSION['LAST_ACTIVITY'] = time();            // update last activity time stamp*/
    }

    //return $hasExpired;
}

1 个答案:

答案 0 :(得分:0)

我的不好,忘记将COOKIE添加到variables_order指令:

variables_order = "GPCS"

这意味着服务器需要访问cookie才能真正知道当前会话(对于用户)是否已经存在,否则无法知道。

相关问题
最新问题