问题已解决-请参阅:https://stackoverflow.com/a/14719452/1174295
--
我在谷歌浏览器和Safari中遇到了一个问题。
在第一次尝试登录时,不会重定向用户。会话已创建,但它几乎没有被检测到,并将用户带回索引页。在第二次尝试时,会发出正确的重定向,并将用户带到正确的页面。
该脚本在Firefox中运行良好,我已经进行了广泛的检查,以查看是否返回了正确的数据。我搜索了又搜索,但不幸的是,没有出现任何有用的数据。
Access.php-用户登录
<?php
session_start();
ob_start();
include_once('db.class.php');
include_once('register.class.php');
include_once('login.class.php');
$db = null;
$reg = null;
$log = null;
$db = new Database();
$log = new Login($db, null, null, null, null, null, null);
if (isset($_SESSION['login'])) {
$log->redirectUser($_SESSION['login']);
}
include_once('includes/header.html');
?>
Some HTML...
<?php
if (isset($_POST['logsub'])) {
$db = new Database();
$log = new Login($db, $_POST['email'], $_POST['pass']);
$validation = &$log->validate();
if(empty($validation)) {
$log->redirectUser($_SESSION['login']);
} else {
echo "<div id='error'><div class='box-error'><p style='font-weight: bold'>The following errors occured...</p><ul>";
for ($i = 0; $i < count($validation); $i++) {
echo "<li>" . $log->getErrorMessage($validation[$i]) . "</li>";
}
echo "</ul></div></div>";
}
}
?>
Login.class.php-登录类
// Validate the credentials given
public function validateLogin() {
// Hash the plain text password
$this->hashedPass = $this->hashPassword();
try {
$query = $this->dbcon->prepare("SELECT Login_ID, Login_Email, Login_Password FROM Login WHERE Login_Email = :email AND Login_Password = :pass");
$query->bindParam(':email', $this->email, PDO::PARAM_STR);
$query->bindParam(':pass', $this->hashedPass, PDO::PARAM_STR);
$query->execute();
$fetch = $query->fetch(PDO::FETCH_NUM);
$this->loginid = $fetch[0];
// If a match is found, create a session storing the login_id for the user
if ($query->rowCount() == 1) {
$_SESSION['login'] = $this->loginid;
session_write_close();
} else {
return LOG_ERR_NO_MATCH;
}
} catch (PDOException $e) {
$this->dbcon->rollback();
echo "Error: " . $e->getMessage();
}
}
// Fetch the customer ID
private function getCustId() {
try {
$query = $this->dbcon->prepare("SELECT Customer.Cust_ID FROM Customer JOIN Login ON Customer.Login_ID = Login.Login_ID WHERE Customer.Login_ID = :loginid");
$query->bindParam(':loginid', $this->loginid, PDO::PARAM_INT);
$query->execute();
$fetch = $query->fetch(PDO::FETCH_NUM);
return $fetch[0];
} catch (PDOException $e) {
$this->dbcon->rollback();
echo "Error: " . $e->getMessage();
}
}
// Check the registration progress - are they verified? paid?
// This function is used elsewhere hence the $sessionid argument
public function checkRegistration($sessionid) {
$this->loginid = $sessionid;
$this->custid = $this->getCustId();
try {
$queryVer = $this->dbcon->prepare("SELECT Cust_ID FROM Customer_Verify_Email WHERE Cust_ID = :custid");
$queryVer->bindParam(":custid", $this->custid, PDO::PARAM_INT);
$queryVer->execute();
$queryFee = $this->dbcon->prepare("SELECT Cust_ID FROM Initial_Fee_Payment WHERE Cust_ID = :custid");
$queryFee->bindParam(":custid", $this->custid, PDO::PARAM_INT);
$queryFee->execute();
// If a record exists in the verify table, return the value 1. This means the user has not yet verified their email.
if ($queryVer->rowCount() == 1) {
return 1;
} else {
// If a record does not exist in the payment table, no payment has been made. Return 2.
if ($queryFee->rowCount() == 0) {
return 2;
// Otherwise, email is verified and the payment has been made.
} else {
return 0;
}
}
} catch (PDOException $e) {
$this->dbcon->rollback();
echo "Error: " . $e->getMessage();
}
}
// Redirect the user accordingly
public function redirectUser($sessionid) {
$this->loginid = $sessionid;
$logNum = $this->checkRegistration($this->loginid);
if ($logNum == 0) {
header("Location: fbedder/details.php", true, 200);
exit();
} else if ($logNum == 1) {
header("Location: fbedder/verification.php", true, 200);
exit();
} else if ($logNum == 2) {
header("Location: fbedder/payment.php", true, 200);
exit();
}
}
这里有一个网站链接:fbedder/->我已经用凭据设置了一个测试帐户->电子邮件:test@/password:test123321
重申一下,这个问题只存在于Google Chrome和Safari(我的iPhone上有Safari)中,并且完全存在于登录方面。第一次尝试时,会话将被忽略(已创建),第二次尝试时将重定向用户。
有什么想法吗?我尝试了很多可能性。。。
--编辑--
我知道现在问题出在哪里了。
当调用重定向时,它会将用户发送到details.php页面。但是,此页面包含以下代码片段:
if (!isset($_SESSION['login'])) {
header("Location: fbedder/index.php");
}
显然,正在发生的事情是,会话没有被检测到/保存/"whatevered",结果是将用户发送回索引页面。是否有办法确保$_SESSION不会有效丢失。我在这里发帖之前已经读过这篇文章,这就是我插入session_write_close()
的原因,但这似乎没有达到预期的效果。
在诊断出$_SESSION变量实际上丢失的问题后,我阅读了关于session_write_close()
函数的信息,并发现了以下注释:
我的会话搞砸了,因为我同时有两个不同的会话ID:
- domain.com的1 PHPSESSID cookie
- www.domain.com的1个PHPSESSID cookie
这修复了它:
//在每一页的开头。。。
session_set_kokie_params(1800,"/","domain.com");session_start();
来源:http://pt2.php.net/manual/en/function.session-write-close.php#84925
设置参数解决了问题。