I have a PHP authentication system on my website using the $_SESSION variable.
A form submits a username and password to the file "login.php". It is handled like t
Update to WAMP 2.5 and now the problem is solved!
I had this problem using WAMPSERVER for development on /localhost. I needed to change session.use_only_cookies, either in-line or in the php.ini setting, from
session.use_only_cookies = 1
to
session.use_only_cookies = 0
Explanation
Using default cookie-based sessions was working as expected but I needed a cookie-less solution. A test starting page:
<?php
// page1.php
ini_set('session.use_cookies', '0');
session_start();
$_SESSION['time'] = time();
echo '<br /><a href="page2.php?' . SID . '">page 2</a>';
?>
The session data was created and stored successfully in the WAMPSERVER temp directory, e.g., C:\wamp\tmp\sess_0rkdlonl5uia717rf03d4svs16. The link generated by the above code looks similar to (note the UID matches the session data file name):
page2.php?PHPSESSID=0rkdlonl5uia717rf03d4svs16
But the destination page2.php was throwing undefined errors for the variable 'time' whilst attempting to retrieve the session data:
<?php
// page2.php
ini_set('session.use_cookies', '0');
session_start();
echo date('Y m d H:i:s', $_SESSION['time']);
echo '<br /><a href="page1.php?' . SID . '">page 1</a>';
?>
By setting session.use_only_cookies to FALSE, either in the script before session_start():
ini_set('session.use_only_cookies', '0');
or changing it globally in php.ini:
; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combatting
; session hijacking when not specifying and managing your own session id. It is
; not the end all be all of session hijacking defense, but it's a good start.
; http://php.net/session.use-only-cookies
session.use_only_cookies = 0
solved the problem.
After a long time I have fixed this bug finally.
On my localhost WAMP, the session data is not saved between page loads, because the session data is stored in a cookie, and there is no cookie domain to be set for localhost.
The solution:
'session.cookie_domain' should be set to empty string for all local domain names, not only for 'localhost' (but should not be empty for local IP addresses):
<?php
ini_set('session.cookie_domain', (strpos($_SERVER['HTTP_HOST'],'.') !== false) ? $_SERVER['HTTP_HOST'] : '');
?>
Thanks to Marcin Wiazowski who posted it here.
Try to replace
if($_POST){...}
with
if( isset($_POST['username']) && isset($_POST['password']) ){...}
... at least for debugging purposes. It's possible that some different settings are causing a non-empty $_POST array where it's not expected.
Also, your code seems to be missing exit() calls after header() redirections. Sending an HTTP Location header doesn't automatically stop your script.
First of all: the index logedin seems strange for keeping track of a user being logged in. Is this just a typo on SO, or really a code-typo?
Second (depending on the desired behavior), try another approach for making pages login-protected. Your page should look something like
<?php
include 'login.inc.php';
if (authorized()) {
    // put some more script here, if needed
?>
<!-- put some plain HTML here -->
<?php
}
?>
Where login.inc.php handles the session, cookies. In particular, the authorized function should return TRUE if a client is already logged in. If a client is not logged in, it should display a form with action $_SERVER['PHP_SELF'] and return FALSE. If you name the submit-input something like login_submit, you can let login.inc.php handle the verification.
This way, you don't need to refer users to a dedicated login page, and after logging in, users are directly shown the requested page. You can tweak this a bit to make query-strings persistent through login as well.
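One way to write the login.inc.php described above, as an added example rather than the answerer's own code; find_password_hash(), the demo account and the logged_in session key are assumptions. It keeps cookie-only sessions, checks the individual $_POST fields, and issues a new session id at login.

```php
<?php
// login.inc.php -- added sketch; find_password_hash() is a hypothetical lookup.
declare(strict_types=1);

ini_set('session.use_only_cookies', '1');  // never accept a session id from the URL
ini_set('session.use_strict_mode', '1');   // reject ids the server did not issue
session_set_cookie_params([
    'httponly' => true,                    // keep the id away from page scripts
    'samesite' => 'Lax',
    'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
]);                                        // 'domain' left unset: host-only cookie
session_start();

/** Hypothetical user store: returns a password_hash() value, or null if unknown. */
function find_password_hash(string $username): ?string
{
    // Constructed demo account; replace with a database lookup.
    static $users = null;
    $users ??= ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    return $users[$username] ?? null;
}

function authorized(): bool
{
    if (!empty($_SESSION['logged_in'])) {
        return true;
    }
    $error = '';
    // Test the specific fields instead of the whole $_POST array.
    if (isset($_POST['login_submit'], $_POST['username'], $_POST['password'])
        && is_string($_POST['username']) && is_string($_POST['password'])) {
        $hash = find_password_hash($_POST['username']);
        if ($hash !== null && password_verify($_POST['password'], $hash)) {
            session_regenerate_id(true);   // new id at the privilege change
            $_SESSION['logged_in'] = true;
            $_SESSION['username']  = $_POST['username'];
            return true;                   // the requested page renders directly
        }
        $error = '<p>Invalid username or password.</p>';
    }
    // PHP_SELF is derived from the request path, so escape it before output.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    echo $error, '<form method="post" action="', $action, '">',
         '<input name="username"> <input type="password" name="password"> ',
         '<input type="submit" name="login_submit" value="Log in"></form>';
    return false;
}
```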
Faced the same problem but it was being caused by
session_regenerate_id(true);
So I just deleted it from my code.