问题描述
我阅读了一些关于如何保护会话的内容,我决定将 session_id 保存到数据库中,然后在加密后将其保存到会话变量中.
I read a bit on how to secure a session and what I decided to do was to save the session_id to the database, and then save it to a session variable after it has been encrypted.
这是我用于加密的类(由 Orielly 书籍作者编写):
Here is the class that I used for the encryption (it was writen by Orielly books author):
使用 session_set_save_handler 的加密类
我是这样应用的:
ini_set('session.use_only_cookies',true);
//calls the session class.
require_once(dirname(__file__)."/../../Administrator/secure_session.php");
session_start();
if( !isset($_SESSION['mod']) )
{
Moderator::insert_moderator($name,session_id());
$_SESSION['mod']= session_id();
$_SESSION['time']=time();
echo "<br/>Moderator session: ".$_SESSION['mod'];
}
这是抛出的异常:
致命错误:未捕获的异常异常",消息为我无法生成安全的伪随机密钥.请在 C:\xampp\htdocs\PoliticalForum\Administrator\secure_session.php:74 堆栈跟踪:#0 C:\xampp\htdocs\PoliticalForum\Administrator\secure_session.php(107) 中使用 PHP >= 5.3 或 Mcrypt 扩展名:SecureSession->_randomKey(32) #1 [内部函数]: SecureSession->open('C:\xampp\htdocs...', 'PHPSESSID') #2 C:\xampp\htdocs\PoliticalForum\StoredProcedure\User\headerSite.php(43): session_start() #3 C:\xampp\htdocs\PoliticalForum\mainHome.php(14): include_once('C:\xampp\htdocs...') #4 {main} 在 C 中抛出:\xampp\htdocs\PoliticalForum\Administrator\secure_session.php 第 74 行
我做错了什么,我该如何解决这个问题,因为我不太了解加密!
What am I doing wrong, how can I fix this, cause I dont understand much of encryption!
推荐答案
例外是因为您可能正在使用 PHP <5.3 或者你的 php.ini 中没有包含 mcrypt 扩展
The exception is because you're probably using PHP < 5.3 or you didn't include the mcrypt extension in your php.ini
在您的错误日志中,如果您查看该类的第 74 行:
In your error log says line 74 of the class, if you look at it:
(71) if (defined(MCRYPT_DEV_URANDOM)) {
(72) return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
(73) } else {
(74) throw new Exception("I cannot generate a secure pseudo-random key. Please use PHP >= 5.3 or Mcrypt extension");
(75) }
这意味着未定义 MCRYPT_DEV_URANDOM,如果您查看 php.net 你会看到它是在 PHP >= 5.3 中在 Widnows 平台上引入的
that means that MCRYPT_DEV_URANDOM is not defined, and if you look in php.net you'll see that it was introduced in PHP >= 5.3 on Widnows platforms
To update you PHP download the latest stable version from here or here (Windows)
这篇关于无法在 php 中使用会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!