问题描述
我已经阅读了很多关于 php 安全最佳实践的文章,我正在努力在我的 xampp 服务器上使用这些实践.
I have read alot about the php security best practices on so, and I am trying hard to employ those on my xampp server.
我有一个包含所有安全性、ddos、会话管理的包含,其中有一个名为 sec_session_start 的函数.代码如下,但是当我尝试登录,然后重定向回我的主页时,所有会话数据都消失了.在我的登录过程页面上,在我进行重定向之前,它具有所有正确的会话数据.
I have an include that does all my security, ddos, session management, and in there is a function called sec_session_start. The code is below, but when i try to login, and then redirect back to my home page, all the session data is gone. On my login process page, before I do a redirect, it has all the correct session data.
在每个标题之后,我正在执行退出;".我也试过写 session_write_close();
After each header, i am doing "exit;". I have also tried writing session_write_close();
但这似乎不能解决我的问题.
But that doesnt' seem to solve my problems.
这是函数代码.
function sec_session_start() {
$session_name = 'AnyName'; // Set a custom session name
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
$cookieParams = session_get_cookie_params(); // Gets current cookies params.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the php session
session_regenerate_id(true); // regenerated the session, delete the old one.
}
每个页面都会调用这个函数.
This function is called on every page.
有什么建议吗?
推荐答案
Drop the session_regenerate_id(true);
Drop the session_regenerate_id(true);
这是不必要的,不会覆盖以前的 cookie,但true"是真正的问题,因为它会清除以前的会话详细信息.
This is uncessary and won't overwrite previous cookies, but the "true" is the real problem as that cleans out the previous session details.
这篇关于我的 php 会话在登录后不断丢失的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!