Session has different session IDs on different pages of a single domain, non-secure pages!

Posted 2024-10-26 04:37:36, 3976 characters, 5 views, 0 comments


I'm pulling my hair out over this one. I have tried to make a simple script to store sessions so when a user closes their browser, they can come back later and their shopping basket will still be intact. This all seemed to be going fine until I noticed that on some items the basket was containing the same items as the previous. After some checks I noticed the session id was different on these odd pages! Here's my code which sits at the top of my framework.

<?php

session_start();
function sessions(){
    if( ! isset( $_COOKIE['PHPSESSID'] ) ) {
        setcookie( "PHPSESSID", session_id(), strtotime('+ 30 days') );
    }else{
        $con = Database::getInstance();
        if( session_id() != $_COOKIE['PHPSESSID'] ) {
            $re = $con->query( "SELECT * FROM `" . TABLE_PREFIX . "_tbl_sessions` WHERE session_id = '" . $_COOKIE['PHPSESSID'] . "'" );
            if( $re->num_rows != 0 ) {
                $ar = $re->fetch_assoc();
                $id = $ar['id'];
                $_SESSION['basket'] = unserialize( stripslashes( $ar['basket'] ) );
                $con->query("UPDATE `" . TABLE_PREFIX . "_tbl_sessions` SET session_id = '" . session_id() . "' WHERE id = '$id' " );
            }
            unset($_COOKIE['PHPSESSID']);
            setcookie( "PHPSESSID", session_id(), strtotime('+ 30 days') );
            header('Location: ' . get_base_url() );
        }else{
            $re = $con->query( "SELECT * FROM `" . TABLE_PREFIX . "_tbl_sessions` WHERE session_id = '" . $_COOKIE['PHPSESSID'] . "'" );
            if( $re->num_rows != 0 ) {
                $ar = $re->fetch_assoc();
                $id = $ar['id'];
                if( ! empty( $_SESSION['basket'] ) ) {
                    $con->query("UPDATE `" . TABLE_PREFIX . "_tbl_sessions` SET session_id = '" . $_COOKIE['PHPSESSID'] . "', data = '" . addslashes( serialize( $_SESSION['basket'] ) ) . "' WHERE id = '$id'" );
                }else{
                    $con->query( "DELETE FROM `" . TABLE_PREFIX . "_tbl_sessions` WHERE id = '$id'" );  
                }
            }else{
                if( ! empty( $_SESSION['basket'] ) ) {
                    $con->query( "INSERT INTO `" . TABLE_PREFIX . "_tbl_sessions` ( `session_id`, `stamp`, `data`) VALUES ( '" . $_COOKIE['PHPSESSID'] . "', NOW(), '" . addslashes( serialize( $_SESSION['basket'] ) ) . "' )" );  
                }
            }
        }
    }
    echo 'cookie: ' . $_COOKIE['PHPSESSID'] . ' : session(): ' . session_id();
}

?>

Any help on this matter is much appreciated.

** EDIT **

I've tried to make it simpler, but still the same problem.

<?php

function sessions(){
    $con = Database::getInstance();
    if( session_id() == '' ) {
        if( isset( $_COOKIE['session_id'] ) ) {
            session_start();
            $re = $con->query( "SELECT * FROM `" . TABLE_PREFIX . "_tbl_sessions` WHERE session_id = '" . $_COOKIE['session_id'] . "'" );
            if( $re->num_rows != 0 ) {
                $ar = $re->fetch_assoc();
                $id = $ar['id'];
                if( session_id() != $_COOKIE['session_id'] ) {
                    $_COOKIE['session_id'] = session_id();
                    $con->query("UPDATE `" . TABLE_PREFIX . "_tbl_sessions` SET session_id = '" . session_id() . "' WHERE id = '$id' " );
                    $_SESSION['basket'] = unserialize( stripslashes( $ar['data'] ) );
                }else{
                    if( isset( $_SESSION['basket'] ) ) {
                        $con->query("UPDATE `" . TABLE_PREFIX . "_tbl_sessions` SET data = '" . addslashes( serialize( $_SESSION['basket'] ) ) . "' WHERE id = '$id' " );
                    }
                }   
            }else{
                $con->query( "INSERT INTO `" . TABLE_PREFIX . "_tbl_sessions` ( `session_id`, `stamp`, `data`) VALUES ( '" . $_COOKIE['session_id'] . "', NOW(), '' )" );       
            }
        }else{
            session_start();
            setcookie( "session_id", session_id(), strtotime('+ 30 days') );
            $_COOKIE['session_id'] = session_id();
        }
    }else{
        die('session has previously been created'); 
    }
    echo 'cookie: ' . $_COOKIE['session_id'] . ' : session(): ' . session_id();
}

?>


柠檬色的秋千 2024-11-02 04:37:36

<?php

function sessions(){
    $con = Database::getInstance();
    if( session_id() == '' ) {
        session_start();
        if( isset( $_COOKIE['session_id'] ) ) {
            $re = $con->query( "SELECT * FROM `" . TABLE_PREFIX . "_tbl_sessions` WHERE session_id = '" . $_COOKIE['session_id'] . "'" );
            display_error( $con );
            if( $re->num_rows != 0 ) {
                $ar = $re->fetch_assoc();
                $id = $ar['id'];
                if( session_id() != $_COOKIE['session_id'] ) {
                    setcookie( "session_id", '', strtotime('- 30 days'), '/', 'localhost' );
                    setcookie( "session_id", session_id(), strtotime('+ 30 days'), '/', 'localhost' );
                    $con->query("UPDATE `" . TABLE_PREFIX . "_tbl_sessions` SET session_id = '" . session_id() . "' WHERE id = '$id' " );
                    display_error( $con );
                    $_SESSION['basket'] = unserialize( stripslashes( $ar['data'] ) );
                }else{
                    if( isset( $_SESSION['basket'] ) ) {
                        $con->query("UPDATE `" . TABLE_PREFIX . "_tbl_sessions` SET data = '" . addslashes( serialize( $_SESSION['basket'] ) ) . "' WHERE id = '$id' " );
                        display_error( $con );
                    }
                }   
            }else{
                $con->query( "INSERT INTO `" . TABLE_PREFIX . "_tbl_sessions` ( `session_id`, `stamp`, `data`) VALUES ( '" . $_COOKIE['session_id'] . "', NOW(), '' )" );       
                display_error( $con );
            }
        }else{
            setcookie( "session_id", session_id(), strtotime('+ 30 days'), '/', 'localhost' );
            $_COOKIE['session_id'] = session_id();
        }
    }else{
        die('session has previously been created'); 
    }
    echo 'cookie: ' . $_COOKIE['session_id'] . ' : session(): ' . session_id();
}

function display_error( $con ) {
    if( isset( $con->error ) && $con->error != '' ) {
        die( $con->error );
    }
}

?>

The above works!
$_COOKIE['foo'] = 'bar' *does not* re-value the cookie in the browser, only during the script.

The other problem was needing to set the path and domain of the cookie to stop multiple cookies being created. Works and runs smoothly!
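A hardened variant of the same approach, added here as an example and not the answerer's or the poster's code. It assumes PHP 7.3+ (for the setcookie() options array), that Database::getInstance() returns a mysqli connection, and that the question's sessions table has a UNIQUE KEY on session_id. It keeps the path/domain fix from the answer but uses a cookie name separate from PHPSESSID, a random token rather than the PHP session id, prepared statements instead of concatenating the cookie value into SQL, and JSON instead of serialize()/unserialize() for the stored basket.

```php
<?php
// Added example, not the poster's code. Assumes Database::getInstance() returns a
// mysqli connection and the question's TABLE_PREFIX . '_tbl_sessions' table
// (id, session_id, stamp, data) with a UNIQUE KEY on session_id.
const BASKET_COOKIE = 'basket_token';   // separate from PHP's own PHPSESSID cookie
const BASKET_TTL    = 30 * 24 * 3600;   // 30 days, as in the question

function basket_cookie_options(int $ttl): array {
    return [
        'expires'  => time() + $ttl,
        'path'     => '/',          // one cookie for the whole site, not one per directory
        'domain'   => '',           // current host only; avoids the hard-coded 'localhost'
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,         // not readable from JavaScript
        'samesite' => 'Lax',
    ];
}

function sessions(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $con   = Database::getInstance();
    $table = TABLE_PREFIX . '_tbl_sessions';
    $token = $_COOKIE[BASKET_COOKIE] ?? '';
    // Accept only a token in the format we issue (64 hex chars); anything else gets a fresh one.
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        $token = bin2hex(random_bytes(32));
        setcookie(BASKET_COOKIE, $token, basket_cookie_options(BASKET_TTL));
    }
    if (empty($_SESSION['basket'])) {
        // Nothing in the PHP session yet (new browser session): restore the stored basket.
        $st = $con->prepare("SELECT data FROM `$table` WHERE session_id = ?");
        $st->bind_param('s', $token);       // bound, never concatenated into the SQL
        $st->execute();
        $st->bind_result($stored);
        if ($st->fetch()) {
            $_SESSION['basket'] = json_decode($stored, true) ?? [];
        }
    } else {
        // Basket lives in the PHP session: persist it under the token, insert or update.
        $data = json_encode($_SESSION['basket']);
        $st = $con->prepare("INSERT INTO `$table` (session_id, stamp, data) VALUES (?, NOW(), ?)"
                          . " ON DUPLICATE KEY UPDATE data = VALUES(data), stamp = NOW()");
        $st->bind_param('ss', $token, $data);
        $st->execute();
    }
}
```

Because the token is random and separate from PHPSESSID, PHP can regenerate its own session id freely without the basket row getting out of step, which is the mismatch the question's first version was fighting.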
