问题
I'm having an issue with the Sessions Variables. Ever since i switched from mysqli to PDO. It worked fine with mysqli, but ever since i switched to PDO, this issue has now come forward.
I'm trying to login and i have an area, where i want to make sure that the user can only see, if the user is logged in. The login works fine, but as soon as i get referred to my index file, i don't see anything, because of the logged in function. I can see the $_SESSION Variable gets filled, but as soon as i redirect to another file, the $_SESSION Variables disappear and i get an empty Array:
Array
(
)
process_login.php
require_once('../inc/user.inc.php'); // here i have all my functions
$user = new User(); // New Instance of my User Class
$user -> sec_session(); // selfmade session function. I use start_session() in this function
if (isset($_POST['email'], $_POST['p'])) {
$email = filter_var($_POST['email'], FILTER_SANITIZE_STRING);
$password = filter_var ($_POST['p'], FILTER_SANITIZE_STRING);
$login = $user -> login_user($email, $password);
if ($login) {
// Login sucessful
//print("<pre>".print_r($_SESSION,true)."</pre>"); //Here i get my $_SESSION variable printed out and it works. I see it is filled.
header('Location: ../index.php');
exit();
}
index.php
<?php
$title = 'Index';
$currentPage = 'Dashboard';
include('php/head.php');
require_once('../inc/user.inc.php');
$user = new User();
$user -> sec_session(); // here i call my session function again. Note: session_start() is included in this function
print("<pre>".print_r($_SESSION,true)."</pre>"); //Now The Array is empty?!?
?>
user.inc.php - sec_session function
protected function sec_session() {
$session_name = 'sec_session_id';
$secure = SECURE;
$httponly = true;
if (ini_set('session.use_only_cookies', 1) === FALSE) {
header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
exit();
}
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"],
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly);
session_name($session_name);
session_start();
session_regenerate_id();
}
Whilst logging in, i set the Session to the following in my login function:
if ($db_password == $password) {
$user_browser = $_SERVER['HTTP_USER_AGENT'];
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$_SESSION['user_id'] = $user_id;
$username = preg_replace("/[^a-zA-Z0-9_\-]+/",
"",
$username);
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('sha512',
$password . $user_browser);
return true;
}
This above works all fine, but only disappears, when i land in my index.php and i know there is something worng, but i have no idea what it is.
回答1:
Are you using http or https to access your local site? If you are using secure cookies PHP won't read them under http instead it starts a new session with a new cookie, switching to https solves this problem.
It looks from your sec_session function that you are using secure cookies ($secure = SECURE;) so is your browser session using HTTPS? If you are using HTTP with secure cookies you will start a new session on each page and won't have access to existing session variables.
The best solution is to access your local site with https just like you would for your live site but if you switch off the secure cookie setting for your local site that will work too.
来源:https://stackoverflow.com/questions/56294582/php-session-variables-disappear-on-new-page-and-return-empty