`session_destroy` destroys all sessions, including those of separate sites

Time: 2019-06-17 18:03:36

Tags: php session login

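I am developing a student lifecycle management system. Under this, I need to provide some improved security. My code works fine, but I have the following problems.

  • When I use echo $_SESSION[]; in a simple web page, all the session details are printed. (If I have two sites, when I run echo $_SESSION[]; on site 1, I can also see the session details on site 2.)

  • When I use session_destroy() in a separate web page: (simply put, suppose I have two sites with the same login format. When I run session_destroy on site 1, site 2 is also logged out. This is a problem.)

I need to avoid this.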

Session creation code

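<?php
session_start();
if (isset($_SESSION['username'])) {
    header("Location: htdocs/dashbd.php");
    exit; // stop here so the login form is not processed after the redirect
}
include 'svr/conn.php'; // provides the mysqli connection $conn
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $user_name = isset($_POST['u_name']) ? $_POST['u_name'] : null;
    $raw_password = isset($_POST['password']) ? $_POST['password'] : '';
    // Test the submitted password itself: the hash of an empty string is never empty.
    if (!empty($user_name) && $raw_password !== '') {
        // Existing hash scheme kept so stored passwords still match; sha1(md5()) is
        // fast and unsalted, password_hash()/password_verify() is the replacement.
        $password = sha1(md5($raw_password));
        // Prepared statement: user input is bound, never concatenated into the SQL.
        $stmt = mysqli_prepare($conn, "SELECT * FROM users WHERE User_Name = ? AND Password = ?");
        mysqli_stmt_bind_param($stmt, 'ss', $user_name, $password);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);

        if (mysqli_stmt_num_rows($stmt) == 1) {
            $_SESSION['username'] = $user_name;
            $_SESSION['last_login_timestamp'] = time();
            $id = $_SESSION['last_login_timestamp'];
            $pc_name = gethostname();
            $com_user = get_current_user();
            // The original message used the undefined variable $user.
            $description = "Successfully Login $user_name";
            $stmt2 = mysqli_prepare($conn, "INSERT INTO log_details (user, table_name, description) VALUES (?, 'logins', ?)");
            mysqli_stmt_bind_param($stmt2, 'ss', $user_name, $description);
            mysqli_stmt_execute($stmt2);
            $stmt1 = mysqli_prepare($conn, "INSERT INTO logins (id, user, com_user, com_name) VALUES (?, ?, ?, ?)");
            mysqli_stmt_bind_param($stmt1, 'isss', $id, $user_name, $com_user, $pc_name);
            mysqli_stmt_execute($stmt1);

            header("Location: htdocs/dashbd.php");
            exit;
        } else {
            echo '<script type="text/javascript">';
            echo 'alert("Your Password Is Incorrect");';
            //   echo 'window.location = "index.php";';
            echo '</script>';
        }
    } else {
        echo '<script type="text/javascript">';
        echo 'alert("User name or Password Cannot Be empty");';
        //   echo 'window.location = "index.php";';
        echo '</script>';
    }
}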

Session checking code.

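<?php
session_start();

if (!isset($_SESSION['username'])) {
    echo '<script type="text/javascript">';
    echo 'alert("Access Denied !");';
    echo 'window.location = "index.php";';
    echo '</script>';
    exit; // stop rendering: the JavaScript redirect alone does not protect the page
} else {
    include '../svr/auto-logout.php';
    include '../svr/conn.php'; // provides the mysqli connection $conn
    $user = $_SESSION['username'];
    // Bound parameter instead of interpolating the session value into the SQL.
    $stmt = mysqli_prepare($conn, "SELECT * FROM user_permission WHERE user_name = ? AND permission = 'Add-Student' AND del_status = 1");
    mysqli_stmt_bind_param($stmt, 's', $user);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt) < 1) {
        echo '<script type="text/javascript">';
        echo 'alert("You have no Permission to Access this Page !");';
        echo 'window.location = "index.php";';
        echo '</script>';
        exit; // do not send the rest of the page to a user without the permission
    }
}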

0 answers:

No answers
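
An added example (not from the original post) of keeping the two sites' sessions apart. It assumes both sites run on the same host with PHP's default session settings, in which case they share one `PHPSESSID` cookie and therefore one session. The names `SLMS_SITE1`, `/site1/` and the `app_*` helpers are hypothetical, and the array forms of `session_set_cookie_params()` and `setcookie()` need PHP 7.3 or later.

```php
<?php
// Added example, not the asker's code. Assumption: site 1 and site 2 are
// separate applications on one host (for instance /site1/ and /site2/).

const APP_SESSION_NAME = 'SLMS_SITE1'; // hypothetical; must differ per site
const APP_COOKIE_PATH  = '/site1/';    // hypothetical install path of this site

function app_session_start(): void
{
    // A distinct cookie name and path make the browser send this cookie only
    // to this application, so the other site works with its own session ID.
    session_name(APP_SESSION_NAME);
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => APP_COOKIE_PATH,
        'secure'   => !empty($_SERVER['HTTPS']),
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_start();
}

function app_login(string $username): void
{
    session_regenerate_id(true); // fresh ID when the privilege level changes
    $_SESSION['username'] = $username;
    $_SESSION['last_login_timestamp'] = time();
}

function app_logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire only this application's cookie (same name, path and domain).
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    // Removes only the session data stored under this cookie's ID.
    session_destroy();
}
```

Every page of the site would call `app_session_start()` in place of a bare `session_start()`, and the second site would use its own name and path constants.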