Session management problem

Posted on 2024-11-09 00:25:09 | 1007 words | 0 views | 0 comments

I have a PHP application that contains three small applications. Each application has its own users and they are unique across the whole system. I have a problem with session management. When a user is logged in to server.com/app1 and types server.com/app2, the second application logs in automatically with this user. But this user doesn't have any rights in this application. On the login page I do this:

$status = $user->status;

if($status != 4) {
        $auth_key = session_encrypt($userdata, $passdata);

        $SQL = "UPDATE customer SET auth_key = '$auth_key'
                WHERE username = '$userdata' ";

        $auth_query = mysql_db_query($db, $SQL);

        setcookie("auth_key", $auth_key, time() + 60 * 60 * 24 * 7, "/app1", "server.com", false, true);

        // Assign variables to session
        session_regenerate_id(true);
        $session_id = $user->id;
        $session_username = $userdata;

        $_SESSION['cid'] = $session_id;
        $_SESSION['username'] = $session_username;
        $_SESSION['status'] = $status;
        $_SESSION['user_lastactive'] = time();

        header("Location: index.php");
        exit;
}

But this doesn't work. Can someone help me fix my sessions? Thanks :)

Comments (2)

定格我的天空 2024-11-16 00:25:09

If I'm reading your question correctly, your problem is that your three apps are independent but are hosted on the same server/use the same php instance. This results in their using the same php session, and the latter gets filled up with inappropriate garbage.

You've several potential solutions:

The first and easiest is to prefix your sessions in one way or another, i.e. use $_SESSION['app1']['param'] or $_SESSION['app1_param'] rather than $_SESSION['param'].

Another, if you've php installed as cgi rather than as an Apache module, is to configure each individual app's php.ini in such a way that they're no longer sharing their session_id (i.e. configure the session cookie name and/or path) nor storing the session data in the same location (which is somewhere in /tmp if I recall correctly).
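
An added example, not part of the answer above or of the original post: the session cookie name, cookie path and storage location can also be set per application at runtime instead of in php.ini. The helper name start_app_session(), the SESS_ cookie prefix and the storage directory layout are assumptions made for illustration (PHP 7.3+).

```php
<?php
// Added example: per-application session bootstrap.
// start_app_session() and the directory layout are hypothetical names.

function start_app_session(string $app): void
{
    $allowed = ['app1', 'app2', 'app3'];
    if (!in_array($app, $allowed, true)) {
        throw new InvalidArgumentException("unknown application: $app");
    }

    // Distinct cookie name per app, so session ids never collide.
    session_name('SESS_' . strtoupper($app));

    // The browser sends this cookie only for URLs under /appN.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => "/$app",
        'secure'   => !empty($_SERVER['HTTPS']),
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    // Distinct storage per app, so an id issued by one app
    // cannot load session data written by another.
    $dir = sys_get_temp_dir() . "/php_sessions_$app";
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("cannot create $dir");
    }
    session_save_path($dir);

    session_start();

    // Defense in depth: a session is only valid for the app that created it.
    if (isset($_SESSION['app']) && $_SESSION['app'] !== $app) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['app'] = $app;
}

// Call at the top of every script of the first application,
// before any output and instead of a bare session_start().
start_app_session('app1');
```

The cookie Path attribute only controls when the browser sends the cookie; the separate storage directory and the `$_SESSION['app']` check are what stop a session id issued by one application from being accepted by another.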

凉城已无爱 2024-11-16 00:25:09

If you would like your sessions to be handled independently by each app then it might be easier to just set the unique sessionid for each app in the cookie.

setcookie("auth_key", $auth_key, time() + 60 * 60 * 24 * 7, "/app1", "server.com", false, true);

setcookie("auth_key", $auth_key, time() + 60 * 60 * 24 * 7, "/app2", "server.com", false, true);

setcookie("auth_key", $auth_key, time() + 60 * 60 * 24 * 7, "/app3", "server.com", false, true);