为什么我的会话变量不能跨站点工作?
我显然在我的代码中设置了它们,否则以管理员身份登录不会重定向到管理员页面。
如果有人对问题是什么,为什么 $_SESSION 变量没有节省等有建议,我将不胜感激。
使用 IIS 7 和 FastCGI,php.ini 为默认值。
代码示例:
<?php session_start();
/* Include database config file. */
include("db_config.php");
/* If POST request do code. */
if ($_SERVER['REQUEST_METHOD']=='POST')
{
/* Set variables for form fields. */
$username=$_POST["username"];
$password=$_POST["password"];
/* Queries on login. */
$query_params=array($username,$password);
$query="SELECT * FROM users WHERE username=? AND password=?";
$qresults=sqlsrv_query($dbconnect,$query,$query_params);
$permission_q="SELECT permission FROM users WHERE username=? AND password=?";
$permission_qr=sqlsrv_query($dbconnect,$permission_q,$query_params);
$firstname_q="SELECT firstname FROM users WHERE username=? AND password=?";
$firstname_qr=sqlsrv_query($dbconnect,$firstname_q,$query_params);
$lastname_q="SELECT lastname FROM users WHERE username=? AND password=?";
$lastname_qr=sqlsrv_query($dbconnect,$lastname_q,$query_params);
/* If any queries fail then kill script. */
if(sqlsrv_fetch($firstname_qr)===false)
{
die("Firstname couldn't be verified, terminated connection.");
}
$firstname=sqlsrv_get_field($firstname_qr,0);
if(sqlsrv_fetch($lastname_qr)===false)
{
die("Lastname couldn't be verified, terminated connection.");
}
$lastname=sqlsrv_get_field($lastname_qr,0);
if(sqlsrv_fetch($permission_qr)===false)
{
die("Permissions could not be verified, terminating connection.");
}
$permissions=sqlsrv_get_field($permission_qr,0);
/* If the username and password query results exist then do code. */
if(isset($qresults))
{
/* Number of rows is fetch array of username and pass results. */
$num_rows=sqlsrv_fetch_array($qresults,SQLSRV_FETCH_NUMERIC);
/* If rows is not null or is set then do code. */
if($num_rows!=null)
{
$_SESSION['username']=$username;
$_SESSION['firstname']=$firstname;
$_SESSION['lastname']=$lastname;
$_SESSION['permissions']=$permissions;
/* If permissions is equivelant to admin send to admin page. */
if($_SESSION['permissions']==="admin")
{
session_write_close();
echo '<meta http-equiv="refresh" content="0; url=./content/admin_dash.php">';
die();
//endif
}
else
{
session_write_close();
echo '<meta http-equiv="refresh" content="0; url=./content/user_dash.php">';
die();
//endelse
}
//endif
}
else
{
//elseif num_rows not true
echo "Invalid Login.<br/>Your credentials did not match or there was an error.<br/>";
$_SESSION['username'] = '';
if(sqlsrv_errors(SQLSRV_ERR_ALL)==null)
{
echo "No errors detected.";
//endif
}
else
{
echo "Errors detected:<br/>";
print_r( sqlsrv_errors(SQLSRV_ERR_ALL));
//endelse
}
//endelse
}
//endif
}
else
{
die("Error with query. Contact your system admin.");
//endelse
}
//endif
}
else
{
die("Request was not POST. Please use login page.");
//endelse
}
?>
因为这不是会话(通常)的工作方式。会话 Cookie 仅存储会话 ID。会话中的实际信息仅存储在服务器上。
cookie 只是使 PHP 能够查找存储在您的 Web 服务器上的会话变量(作为文件或数据库)。它增加了额外的安全性,因为人们无法嗅探数据值,也不需要 cookie 变得很长。
如前所述,会话 cookie 仅存储会话 ID。
如果您想保存到包含自定义内容的 cookie,请参阅这篇文章。 http://davidwalsh.name/php-cookies
我发现了问题,C:''Windows''Temp文件夹权限尚未设置为接受IIS_IUSRS用户,从而阻止IIS在Temp文件夹中保存任何内容,包括会话。