我知道有很多问题,但他们没有提供太多信息或使用其他方法进行身份验证 . 让我们开始:
我有一个登录页面和主页面 . 我在$ _SESSION中登录保存会话在每个页面中我创建session_start()然后我检查用户是否看起来是$ _SESSION .
当我登录时,它将我重定向到主页面 . 当我尝试login.php时,它正确地检测到并重定向到main.php . 当我刷新main.php时,它正确检测到我的会话 .
然后,我想在DB中进行更改,所以我使用jquery函数$ .post将post数据发送到action.php并做一些工作人员 . Action.php回显“true”,因此$ .post处理程序可以检测到更改已正确并重定向 . Action.php回显“false”,因此$ .post处理程序警报出现错误 .
When i make that change to the DB, it gets done and echo true so main.php refresh itself showing the change BUT INSTEAD OF REFRESH IT COME BACK TO LOGIN.PHP LOSING ALL SESSION DATA.
这里有一些代码:
start_session
function sec_session_start() {
$session_name = 'sec_session_id'; // Set a custom session name
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
$cookieParams = session_get_cookie_params(); // Gets current cookies params.
//session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_set_cookie_params(7200, "/", $cookieParams["domain"], $secure, $httponly);
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the php session
session_regenerate_id(true); // regenerated the session, delete the old one.
}
top of main.php and login.php and action.php
include('../db_connect.php');
include('../functions.php');
sec_session_start(); // Our custom secure way of starting a php session.
if(!login_check($mysqli)){
header('Location: ../');
}
Javascript function to post data to action.php
function createTeam(){
var serializedData = $('#new_team_form').serialize();
$.post('action.php', serializedData , function (resp) {
if(resp == "false"){
$('#exists').html("El grupo que intentas crear ya existe o ha habido un error en la petición.");
}else{
window.location ="./";
}
});
return false; //Needs to return false cause its the submit button of form
}
action.php - what is echoed will be the return for $.post()
<?php
include '../db_connect.php';
include '../functions.php';
sec_session_start(); // Our custom secure way of starting a php session.
$team = $_POST['team'];
$_SESSION['user_id'] = $user_id;
if ($stmt = $mysqli->prepare("SELECT name FROM teams WHERE name = ? LIMIT 1")) {
$stmt->bind_param('s', $team); // Bind "$user_id" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
if($stmt->num_rows == 1) {
echo "false1".$team;
} else {
//Creamos el grupo en la base de datos y ponemos al usuario en dicho grupo
if ($stmt = $mysqli->prepare("INSERT INTO teams (id, name) VALUES (DEFAULT, '$team')")) {
$stmt->execute(); // Execute the prepared query.
if($stmt = $mysqli->prepare("UPDATE members SET team = '".$team."' WHERE members.id ='".$user_id."' LIMIT 1 ")) {
$stmt->execute(); // Execute the prepared query.
echo "true";
}else{
echo "false2";
}
}else{
echo "false3";
}
}
} else {
echo "false4";
}
?>
1 回答
正如我理解您的代码和问题,您已经问过......通过main.php,没有会话转移到action.php,除了所有东西都正常运行..
使用此语法...
// The session retrieve the values in form of :
$ _SESSION ['user_id'] = $ user_id;
//And its shifted to the another page where the session is retrieved :
$ user_id = $ _SESSION ['user_id'];
I think in your action.php the session is not properly declares in retrieval form. Write this in action.php
$ user_id = $ _SESSION ['user_id'];