PHP session 在一种情况下在 header 之后保留,在另一种情况下在 header 之后丢失
PHP session preserved after header in one case, lost after header in another
有很多关于 PHP session 在 header 重定向后丢失的帖子。我的问题是我有一个脚本,其中 session 在 header 重定向后被保留,而另一个脚本则没有。
session 在此脚本中 header 重定向后保留:
<?php
session_start();
include 'settings.php';
include 'mysql_connect.php';
$name = mysqli_real_escape_string($conn, $_POST['user_name']);
$email = mysqli_real_escape_string($conn, $_POST['user_email']);
$fbid = mysqli_real_escape_string($conn, $_POST['user_fbid']);
$sql = "SELECT * FROM users WHERE email = '" . $email . "'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
if($row = $result->fetch_assoc()) {
$_SESSION['user_name'] = $row['name'];
$_SESSION['user_email'] = $row['email'];
$_SESSION['user_fb_id'] = $row['fb_id'];
$_SESSION['user_pundit_name'] = $row['pundit_name'];
$_SESSION['user_id'] = $row['id'];
header('Location: ' . $site_url . 'whats_next.php');
}
} else {
$insert_new_user = "INSERT INTO users (name, email, fb_id) VALUES ('" . $name . "', '" . $email . "', '" . $fbid . "')";
$result = $conn->query($insert_new_user);
$_SESSION['user_name'] = $name;
$_SESSION['user_email'] = $email;
$_SESSION['user_fb_id'] = $fb_id;
$_SESSION['user_id'] = $row['id'];
$msg = wordwrap("Congratulations " . $name . ",\nYou are now a registered Pundit. Like all pundits, you will be consulted for your wisdom from time from time to time. You will receive emails announcing an “open question” to be answered by you and your fellow pundits [or, if you have selected that option, you can go to PUNDITNETWORK.com and answer open question whenever you want.] The questions will usually ask you to forecast the outcome of an event in the near future. The question will remain open for a certain period of time. After that time, you can go to the Pundit forum at PUNDITNETWORK and discuss the question with fellow Pundits. We will add points to your Pundit rating for every right answer. High ratings can lead to recognition and prizes. As the PUNDITNETWORK grows, the opportunities for both recognition and prizes will also grow. In the meantime, enjoy the game! And feel free to challenge friends, relatives, classmates, teachers, co-workers or anybody who thinks he/she “knows it all” to test their skills and join you for a little friendly competition.", 70);
mail($email, "Welcome to PunditNetwork", $msg);
header('Location: ' . $site_url . 'whats_next.php');
}
?>
在此脚本中 header 重定向后 session 未保留:
<?php
session_start();
include 'settings.php';
include 'mysql_connect.php';
$email = $_GET['email'];
$secret_key = $_GET['secret_key'];
$q = "SELECT * FROM email_confirmations WHERE email = '" . $email . "' AND secret_key = '" . $secret_key . "'";
$r = $conn->query($q);
if ($r->num_rows > 0) {
if($row = $r->fetch_assoc()) {
$q1 = "SELECT * from users WHERE email = '" . $row['email'] . "'";
$r1 = $conn->query($q1);
if ($r1->num_rows > 0) {
$q2 = "UPDATE users SET password = '" . $row['password'] . "' WHERE email = '" . $row['email'] . "'";
$r2 = $conn->query($q2);
$q3 = "SELECT * from users WHERE email = '" . $row['email'] . "'";
$r3 = $conn->query($q3);
if ($row3 = $r3->fetch_assoc()) {
$_SESSION['user_name'] = $row3['name'];
$_SESSION['user_email'] = $row3['email'];
$_SESSION['user_fb_id'] = $row3['fb_id'];
$_SESSION['user_pundit_name'] = $row3['pundit_name'];
$_SESSION['user_id'] = $row3['id'];
// var_dump($_SESSION); // session is correct when var dumped
header('Location: ' . $site_url . 'whats_next.php');
}
}
/*
else {
$q2 = "INSERT INTO users (name, email, password) VALUES ('" . $row['name'] . "', '" . $row['email'] . "', '" . $row['password'] . "')";
$r2 = $conn->query($q2);
$q3 = "SELECT * from users WHERE email = '" . $row['email'] . "'";
$r3 = $conn->query($q3);
if ($r3->num_rows > 0) {
if ($row3 = $r3->fetch_assoc()) {
$_SESSION['user_name'] = $row3['name'];
$_SESSION['user_email'] = $row3['email'];
$_SESSION['user_fb_id'] = $row3['fb_id'];
$_SESSION['user_pundit_name'] = $row3['pundit_name'];
$_SESSION['user_id'] = $row3['id'];
header('Location: ' . $site_url . 'whats_next.php');
}
}
}*/
}
}
else {
echo 'error, you got the wrong email';
}
?>
我曾经遇到过一个类似的问题,但它是针对 ASPx 的,仍然检查 url 在两个重定向中是否以 "www" 开头,让它们不同导致创建新的会话 ID 时我看了一下 issue.Take 可能是类似的情况。
如果有人想阅读 "www" 而不是 "www"
"URL with WWW and URL without WWW" -Is there any difference between them?
有很多关于 PHP session 在 header 重定向后丢失的帖子。我的问题是我有一个脚本,其中 session 在 header 重定向后被保留,而另一个脚本则没有。
session 在此脚本中 header 重定向后保留:
<?php
session_start();
include 'settings.php';
include 'mysql_connect.php';
$name = mysqli_real_escape_string($conn, $_POST['user_name']);
$email = mysqli_real_escape_string($conn, $_POST['user_email']);
$fbid = mysqli_real_escape_string($conn, $_POST['user_fbid']);
$sql = "SELECT * FROM users WHERE email = '" . $email . "'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
if($row = $result->fetch_assoc()) {
$_SESSION['user_name'] = $row['name'];
$_SESSION['user_email'] = $row['email'];
$_SESSION['user_fb_id'] = $row['fb_id'];
$_SESSION['user_pundit_name'] = $row['pundit_name'];
$_SESSION['user_id'] = $row['id'];
header('Location: ' . $site_url . 'whats_next.php');
}
} else {
$insert_new_user = "INSERT INTO users (name, email, fb_id) VALUES ('" . $name . "', '" . $email . "', '" . $fbid . "')";
$result = $conn->query($insert_new_user);
$_SESSION['user_name'] = $name;
$_SESSION['user_email'] = $email;
$_SESSION['user_fb_id'] = $fb_id;
$_SESSION['user_id'] = $row['id'];
$msg = wordwrap("Congratulations " . $name . ",\nYou are now a registered Pundit. Like all pundits, you will be consulted for your wisdom from time from time to time. You will receive emails announcing an “open question” to be answered by you and your fellow pundits [or, if you have selected that option, you can go to PUNDITNETWORK.com and answer open question whenever you want.] The questions will usually ask you to forecast the outcome of an event in the near future. The question will remain open for a certain period of time. After that time, you can go to the Pundit forum at PUNDITNETWORK and discuss the question with fellow Pundits. We will add points to your Pundit rating for every right answer. High ratings can lead to recognition and prizes. As the PUNDITNETWORK grows, the opportunities for both recognition and prizes will also grow. In the meantime, enjoy the game! And feel free to challenge friends, relatives, classmates, teachers, co-workers or anybody who thinks he/she “knows it all” to test their skills and join you for a little friendly competition.", 70);
mail($email, "Welcome to PunditNetwork", $msg);
header('Location: ' . $site_url . 'whats_next.php');
}
?>
在此脚本中 header 重定向后 session 未保留:
<?php
session_start();
include 'settings.php';
include 'mysql_connect.php';
$email = $_GET['email'];
$secret_key = $_GET['secret_key'];
$q = "SELECT * FROM email_confirmations WHERE email = '" . $email . "' AND secret_key = '" . $secret_key . "'";
$r = $conn->query($q);
if ($r->num_rows > 0) {
if($row = $r->fetch_assoc()) {
$q1 = "SELECT * from users WHERE email = '" . $row['email'] . "'";
$r1 = $conn->query($q1);
if ($r1->num_rows > 0) {
$q2 = "UPDATE users SET password = '" . $row['password'] . "' WHERE email = '" . $row['email'] . "'";
$r2 = $conn->query($q2);
$q3 = "SELECT * from users WHERE email = '" . $row['email'] . "'";
$r3 = $conn->query($q3);
if ($row3 = $r3->fetch_assoc()) {
$_SESSION['user_name'] = $row3['name'];
$_SESSION['user_email'] = $row3['email'];
$_SESSION['user_fb_id'] = $row3['fb_id'];
$_SESSION['user_pundit_name'] = $row3['pundit_name'];
$_SESSION['user_id'] = $row3['id'];
// var_dump($_SESSION); // session is correct when var dumped
header('Location: ' . $site_url . 'whats_next.php');
}
}
/*
else {
$q2 = "INSERT INTO users (name, email, password) VALUES ('" . $row['name'] . "', '" . $row['email'] . "', '" . $row['password'] . "')";
$r2 = $conn->query($q2);
$q3 = "SELECT * from users WHERE email = '" . $row['email'] . "'";
$r3 = $conn->query($q3);
if ($r3->num_rows > 0) {
if ($row3 = $r3->fetch_assoc()) {
$_SESSION['user_name'] = $row3['name'];
$_SESSION['user_email'] = $row3['email'];
$_SESSION['user_fb_id'] = $row3['fb_id'];
$_SESSION['user_pundit_name'] = $row3['pundit_name'];
$_SESSION['user_id'] = $row3['id'];
header('Location: ' . $site_url . 'whats_next.php');
}
}
}*/
}
}
else {
echo 'error, you got the wrong email';
}
?>
我曾经遇到过一个类似的问题,但它是针对 ASPx 的,仍然检查 url 在两个重定向中是否以 "www" 开头,让它们不同导致创建新的会话 ID 时我看了一下 issue.Take 可能是类似的情况。
如果有人想阅读 "www" 而不是 "www" "URL with WWW and URL without WWW" -Is there any difference between them?