CodeIgniter session keeps getting destroyed

Problem description

I'm working on an older application which uses CodeIgniter 2.1.3. During development it runs on a vhost, accessible at http://vhostname/app (which equals xampp/htdocs/project/app).

I copied the live system 1:1 to my development system (with database and everything).

The system uses sessions to store temp data for visitors (e.g. cart). My problem: on my development env the session is destroyed on every refresh. After some testing I found out that it's happening in the system/core/Sessions.php:

        // encryption was not used, so we need to check the md5 hash
        $hash    = substr($session, strlen($session)-32); // get last 32 chars
        $session = substr($session, 0, strlen($session)-32);

        // Does the md5 hash match?  This is to prevent manipulation of session data in userspace
        if ($hash !==  md5($session.$this->encryption_key))
        {
            log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
            $this->sess_destroy();
            return FALSE;
        }

But I have absolutely no idea why this is happening and I'm slowly running out of ideas.

The only mentionable difference between live and dev system:


  • On the live system the application is embedded via an iframe to a WordPress installation. Hence the URL is not http://vhost/app but http://projectname.com

Update: At least I've just found the reason why the hash doesn't match the encryption key. I'm including the wp-head.php from WordPress to get access to WordPress functions. But it seems that my sessions "get corrupted" at this point - without the include the session stays alive.

Update 2: Okay, I think I'm getting closer. I tried to compare the session cookies, one with the WordPress included version and one without. There's actually a big difference:

The cookie with WordPress included:

a:6:{s:10:\"session_id\";s:32:\"8e3b975d0b30f6b229f475b2f03947a0\";s:10:\"ip_address\";s:9:\"127.0.0.1\";s:10:\"user_agent\";[...]

Without WordPress:

a:6:{s:10:"session_id";s:32:"7451cd27e1b45d2c7b8a042ed6b2bf9e";s:10:"ip_address";s:9:"127.0.0.1";s:10:"user_agent";[...]

Where do these quotes come from?

Thanks!
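
Added example, not part of the original post and not CodeIgniter's own code: a standalone PHP sketch of the md5 check quoted in the question, run on an intact cookie and on a copy whose quotes were backslash-escaped like the cookie shown above, next to an HMAC-SHA256 variant with a constant-time comparison. The key, payload and function names are constructed for illustration, and PHP 7 or later is assumed.

```php
<?php
// Constructed key and payload; none of this is taken from the application.
$key = 'constructed-example-key';

// Cookie layout the quoted check expects: payload followed by md5(payload . key).
function sign_md5(string $payload, string $key): string
{
    return $payload . md5($payload . $key);
}

// Mirrors the quoted check: split off the last 32 chars and compare hashes.
function verify_md5(string $cookie, string $key)
{
    $hash    = substr($cookie, -32);
    $payload = substr($cookie, 0, -32);
    return ($hash === md5($payload . $key)) ? $payload : false;
}

// Hardened variant: keyed HMAC-SHA256 (64 hex chars) and hash_equals().
function sign_hmac(string $payload, string $key): string
{
    return $payload . hash_hmac('sha256', $payload, $key);
}

function verify_hmac(string $cookie, string $key)
{
    if (strlen($cookie) < 64) {
        return false;
    }
    $mac     = substr($cookie, -64);
    $payload = substr($cookie, 0, -64);
    return hash_equals(hash_hmac('sha256', $payload, $key), $mac) ? $payload : false;
}

$payload = serialize(array(
    'session_id' => str_repeat('a', 32), // constructed session id
    'ip_address' => '127.0.0.1',
));

$cookie  = sign_md5($payload, $key);
$escaped = addslashes($cookie); // every " becomes \" as in the first cookie above

echo "intact cookie accepted:       "; var_dump(verify_md5($cookie, $key) === $payload);
echo "escaped cookie accepted:      "; var_dump(verify_md5($escaped, $key) !== false);
echo "after stripslashes accepted:  "; var_dump(verify_md5(stripslashes($escaped), $key) === $payload);
echo "escaped HMAC cookie accepted: "; var_dump(verify_hmac(addslashes(sign_hmac($payload, $key)), $key) !== false);
```

WordPress's bootstrap runs wp_magic_quotes(), which adds slashes to the values in $_COOKIE, so a cookie read after that include carries this kind of escaping. Either integrity check rejects the escaped bytes; the data has to be unescaped before verification.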

Recommended answer

Check your session setting in config file

$config['sess_match_useragent'] = TRUE;

If sess_match_useragent is set to true, then make it false and try.

As CodeIgniter checks each time for the user agent and returns its value like

Mozilla/5.0 (Windows NT 5.1; rv:13.0a1) Gecko/20120206 Firefox/13.0a1

OR

Mozilla/5.0 (Windows NT 5.1; rv:13.0a1)

and checks it against the cookie. Sometimes it trims user_agent and saves it in the cookie but compares with the full return value, which causes this issue.

If you are using the database for saving sessions in CodeIgniter

$config['sess_cookie_name']     = 'ci_session';
$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = FALSE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 300;

then increase the user_agent column length in the CI_session table.
