登录后我的 php 会话一直丢失

My php sessions keep being lost after login(登录后我的 php 会话一直丢失)

问题描述

我已经阅读了很多关于 php 安全最佳实践的内容，并且我正在努力在我的 xampp 服务器上使用它们.

I have read alot about the php security best practices on so, and I am trying hard to employ those on my xampp server.

我有一个包含我所有的安全、ddos、会话管理的包含，其中有一个名为 sec_session_start 的函数.代码如下，但是当我尝试登录，然后重定向回我的主页时，所有会话数据都消失了.在我的登录过程页面上，在我进行重定向之前，它具有所有正确的会话数据.

I have an include that does all my security, ddos, session management, and in there is a function called sec_session_start. The code is below, but when i try to login, and then redirect back to my home page, all the session data is gone. On my login process page, before I do a redirect, it has all the correct session data.

在每个标题之后，我正在执行退出；".我也试过写 session_write_close();

After each header, i am doing "exit;". I have also tried writing session_write_close();

但这似乎不能解决我的问题.

But that doesnt' seem to solve my problems.

这里是功能代码.

function sec_session_start() {
$session_name = 'AnyName'; // Set a custom session name
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id. 

ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
$cookieParams = session_get_cookie_params(); // Gets current cookies params.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the php session
session_regenerate_id(true); // regenerated the session, delete the old one.  
}

每个页面都会调用这个函数.

This function is called on every page.

有什么建议吗?

推荐答案

删除session_regenerate_id(true);

Drop the session_regenerate_id(true);

这是不必要的，不会覆盖以前的 cookie，但真"是真正的问题，因为它会清除以前的会话详细信息.

This is uncessary and won't overwrite previous cookies, but the "true" is the real problem as that cleans out the previous session details.

这篇关于登录后我的 php 会话一直丢失的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！