问题描述

我不知道为什么会出现此会话错误...

I can not figure out why I am getting this session error...

据我所知，只有在调用session_start（）函数之前浏览器有某种输出时，这种情况才会发生在这种情况下，通话前屏幕上没有打印任何内容，甚至没有空格。为什么我仍然会收到错误的任何想法？

As far as I knew this happens only when there is some sort of output to the browser before the session_start() function is called, in this case there is nothing printed to screen before the call, not even any white space. Any ideas why I would still get the errors?

我发布了此演示的完整源代码，因此您可以确切地看到我用来创建错误的内容。

I posted the full source code of this demo so you can see exactly what I used to create the error.

<?php
session_start();

require('formkey.class.php');
$formKey = new formKey();

$error = 'No error';

//Is request?
if($_SERVER['REQUEST_METHOD'] == 'post')
{
    //Validate the form key
    if(!isset($_POST['form_key']) || !$formKey->validate())
    {
        //Form key is invalid, show an error
        $error = 'Form key error!';
    }
    else
    {
        //Do the rest of your validation here
        $error = 'No form key error!';
    }
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
    <title>Securing forms with form keys</title>
</head>
<body>
    <div><?php if($error) { echo($error); } ?>
    <form action="" method="post">
    <dl>
        <?php $formKey->outputKey(); ?>

        <dt><label for="username">Username:</label></dt>
        <dd><input type="text" name="username" id="username" /></dd>
        <dt><label for="username">Password:</label></dt>
        <dd><input type="password" name="password" id="password" /></dd>
        <dt></dt>
        <dd><input type="submit" value="Submit" /></dd>
    <dl>
    </form>
</body>
</html>

课程文件

<?php
class formKey
{
    //Here we store the generated form key
    private $formKey;

    //Here we store the old form key
    private $old_formKey;

    //The constructor stores the form key (if one excists) in our class variable
    function __construct()
    {
        //We need the previous key so we store it
        if(isset($_SESSION['form_key']))
        {
            $this->old_formKey = $_SESSION['form_key'];
        }
    }

    //Function to generate the form key
    private function generateKey()
    {
        $ip = $_SERVER['REMOTE_ADDR'];
        $uniqid = uniqid(mt_rand(), true);
        return md5($ip . $uniqid);
    }

    //Function to output the form key
    public function outputKey()
    {
        //Generate the key and store it inside the class
        $this->formKey = $this->generateKey();
        //Store the form key in the session
        $_SESSION['form_key'] = $this->formKey;

        //Output the form key
        echo "<input type='hidden' name='form_key' id='form_key' value='".$this->formKey."' />";
    }


    //Function that validated the form key POST data
    public function validate()
    {
        //We use the old formKey and not the new generated version
        if($_POST['form_key'] == $this->old_formKey)
        {
            //The key is valid, return true.
            return true;
        }
        else
        {
            //The key is invalid, return false.
            return false;
        }
    }
}
?>

推荐答案

编辑：在这一点上，我认为session_start（）在获取cookie之前会抛出错误。已发送。较早的错误将被发送到浏览器，并阻止cookie的发送。但是，在这种情况下，您应该在屏幕上看到之前的错误。我知道这可能不是问题所在，但我想不出是什么原因引起的。

At this point, I am thinking that session_start() is throwing an error before it can get the cookie sent. An early error would get sent to the browser and prevent the cookie from being sent. However, in this case, you should see the earlier error on your screen. I know this is probably not the issue, but I can't think of what else could be causing the problem.

这篇关于为什么会出现此PHP session_start（）错误？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！