How can I pass along and set the session id safely?

Posted 2024-09-30 09:02:54


I'm using uploadify, and the script (which uses Adobe Flash) creates a new session instead of using the current one when requesting the upload action URL. To fix that I need to pass the session id ahead.

Is there a way to do this without permitting session fixation (hijacking)?

Here are some details of the problem:
Sessions and uploadify

Thanks!

Comments (1)

弄潮 2024-10-07 09:02:54


Create a temporary upload session in your script (untested, but you get the point about being able to have several different sessions):

<?php
//normal session
session_start();
//store sessionid for retrieval
$oldsessionid = session_id();
if(!empty($_SESSION['logged_in'])){ //or however you check for a valid user
    //stop old/normal session (session_name/session_id may only be changed while no session is active)
    session_write_close();
    //create a new sessionname; session_name() returns the previous one (normally PHPSESSID)
    $oldname = session_name('UPLOADSESSION');
    //create a new id; a random value so it cannot be guessed by a third party
    session_id(bin2hex(random_bytes(16)));
    //start the session
    session_start();
    $_SESSION['upload'] = true;
    $uploadid = session_id();
    //now you can use `'data: "artist="+$fi+"&UPLOADSESSION="'.$uploadid` in uploadify
    session_write_close();
    //return to normal name
    session_name($oldname);
    //set old session id
    session_id($oldsessionid);
    //resume normal session
    session_start();
}

So, in your receiving script:

<?php
//only accept ids shaped like the ones we generate (32 hex chars); anything else is rejected
//before it can be used as a session id
$uploadid = $_POST['UPLOADSESSION'] ?? '';
if(!preg_match('/^[0-9a-f]{32}$/', $uploadid)){
    http_response_code(403);
    exit;
}
session_name('UPLOADSESSION');
session_id($uploadid);
session_start();
if(isset($_SESSION['upload']) && $_SESSION['upload']){
   //accept files
   //invalidate session after this upload
   $_SESSION['upload'] = false;
}

The user will still have 2 cookies, and possibly UPLOADSESSION is fixated, but you don't use it for anything else than uploading, and only for 1 upload (although you might want to allow more).

Alternatively, you could just call a session_regenerate_id(); on the first request after an upload (just set a flag in the $_SESSION on upload).
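An added example, not code from the answer above or from Uploadify, showing a different way to get a credential into the Flash request without ever letting the client choose a session id: the page that renders the widget issues a short-lived, single-use token signed with a server-side key, and the upload action script verifies the signature, the expiry and a replay log instead of calling session_start() on a posted value. The function names, the 300-second lifetime, the $_SESSION['user_id'] field and the replay-log directory are assumptions, not something the page describes.

```php
<?php
// Added example (not the answer's code and not Uploadify's): a signed, single-use
// upload token replaces the second PHP session. Nothing the client posts is ever
// used as a session id, so there is no upload session to fixate.
// Assumptions (not from the page): a 32-byte secret from your config, the user id in
// $_SESSION['user_id'] on the page that renders the widget, and a writable directory
// for the replay log.

const UPLOAD_TOKEN_TTL = 300; // lifetime in seconds (assumed value)

// Issued by the page that renders the widget, where the normal session cookie is present.
// Token layout: userId.expiry.nonce.hmac
function issue_upload_token(string $key, int $userId, ?int $now = null): string
{
    $now  = $now ?? time();
    $body = $userId . '.' . ($now + UPLOAD_TOKEN_TTL) . '.' . bin2hex(random_bytes(16));
    return $body . '.' . hash_hmac('sha256', $body, $key);
}

// Called by the upload action script with the token Flash posted (no cookie needed).
// Returns the user id the token was issued for, or null when the token is malformed,
// forged, expired or has already been used.
function verify_upload_token(string $key, string $token, string $usedDir, ?int $now = null): ?int
{
    $now = $now ?? time();
    if (!preg_match('/^(\d+)\.(\d+)\.([0-9a-f]{32})\.([0-9a-f]{64})$/', $token, $m)) {
        return null;                                   // wrong shape: touch nothing
    }
    [, $userId, $expires, $nonce, $mac] = $m;
    $body = $userId . '.' . $expires . '.' . $nonce;
    // constant-time compare; without the key an attacker cannot produce a valid mac
    if (!hash_equals(hash_hmac('sha256', $body, $key), $mac)) {
        return null;
    }
    if ((int) $expires < $now) {
        return null;                                   // expired
    }
    // single use: creating the marker with mode 'x' fails if this nonce was seen before
    $marker = rtrim($usedDir, '/') . '/' . $nonce;
    $h = @fopen($marker, 'x');
    if ($h === false) {
        return null;                                   // replay
    }
    fclose($h);
    return (int) $userId;
}

// Constructed demo: issue a token for user 42, accept it once, then try a replay,
// a copy with the user id tampered to 43, and a verification with the wrong key.
$uploadKey = random_bytes(32);                         // in production: a fixed secret from config
$usedDir   = sys_get_temp_dir() . '/upload-nonces';
if (!is_dir($usedDir)) {
    mkdir($usedDir, 0700, true);
}
$token   = issue_upload_token($uploadKey, 42);
$results = [
    'first use' => verify_upload_token($uploadKey, $token, $usedDir),
    'replay'    => verify_upload_token($uploadKey, $token, $usedDir),
    'tampered'  => verify_upload_token($uploadKey, '43' . substr($token, 2), $usedDir),
    'wrong key' => verify_upload_token(random_bytes(32), $token, $usedDir),
];
var_dump($results);
```

Only the first verification yields the user id; the replay, the tampered copy and the wrong-key check all yield null. The token goes in the same place the answer puts UPLOADSESSION in Uploadify's data, and the receiving script works from the returned user id rather than from a posted session id. If the receiver does need per-user state after the upload, it should look that up by the user id, not by resuming a session whose id came from the request.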
