【问题标题】:session is available in subdomains but not physically shown会话在子域中可用,但未实际显示
【发布时间】:2017-01-17 05:49:54
【问题描述】:

我正在开发一个网站
Red Sec
我为所有子域使用 1 个帐户:

  • 公告
  • 论坛
  • 博客
  • 新闻
  • 捐赠

所有页面都具有相同的样式,只是通过将它们全部连接到http://red-sec.net/res/menu.php 来实现不同的内容。 这是它的代码,因为您无法阅读它:

<?php
require 'connection.php';
function menu(){
  if(!isset($_SESSION['username'])){
  echo '<nav class="navbar navbar-default navbar-fixed-top shadow">
    <div class="container">
      <a href="http://red-sec.net" class="navbar-brand">Red-Sec.net</a>
      <ul class="nav navbar-nav">
        <li class="menuitem"><a href="http://red-sec.net">Home</a></li>
        <li class="menuitem"><a href="http://announcements.red-sec.net">Announcements</a></li>
        <li class="menuitem"><a href="http://forum.red-sec.net">Forum</a></li>
        <li class="menuitem"><a href="http://blog.red-sec.net">Blog</a></li>
        <li class="menuitem"><a href="http://news.red-sec.net">News</a></li>
        <li class="menuitem"><a href="http://donate.red-sec.net">Donate</a></li>
      </ul>
      <ul class="nav navbar-nav navbar-right">
        <li class="menuitem"><a href="http://red-sec.net/signup.php">Sign Up</a></li>
        <li class="menuitem"><a href="http://red-sec.net/Login.php">Log In</a></li>
      </ul>
    </div>
  </nav>
  <script
    src="https://code.jquery.com/jquery-3.1.1.js"
    integrity="sha256-16cdPddA6VdVInumRGo6IbivbERE8p7CQR3HzTBuELA="
    crossorigin="anonymous"></script>
  <script src=" ../js/menu.js"></script>
  <div class="container bg">
  <div class="row full">
  <div class="col-lg-8 bd">';
}else{
  $username = $_SESSION['username'];
  echo '<nav class="navbar navbar-default navbar-fixed-top shadow">
    <div class="container">
      <a href="http://red-sec.net" class="navbar-brand">Red-Sec.net</a>
      <ul class="nav navbar-nav">
        <li class="menuitem"><a href="http://beta.red-sec.net">Home</a></li>
        <li class="menuitem"><a href="http://announcements.red-sec.net">Announcements</a></li>
        <li class="menuitem"><a href="http://forum.red-sec.net">Forum</a></li>
        <li class="menuitem"><a href="http://blog.red-sec.net">Blog</a></li>
        <li class="menuitem"><a href="http://news.red-sec.net">News</a></li>
        <li class="menuitem"><a href="http://donate.red-sec.net">Donate</a></li>
      </ul>
      <ul class="nav navbar-nav navbar-right">
        <li class="menuitem"><a href="http://red-sec.net/profile.php">'.$username.'</a></li>
        <li class="menuitem"><a href="http://red-sec.net/Logout.php">Log Out</a></li>
      </ul>
    </div>
  </nav>
  <script
    src="https://code.jquery.com/jquery-3.1.1.js"
    integrity="sha256-16cdPddA6VdVInumRGo6IbivbERE8p7CQR3HzTBuELA="
    crossorigin="anonymous"></script>
  <script src="../js/menu.js"></script>
  <div class="container bg">
  <div class="row full">
  <div class="col-lg-8 bd">';
}
}
function endbd(){
    require'connection.php';
  echo '</div>
  <div class="col-lg-4 bd sidebar">
  <h2 class="title">Latest News Post</h2>
<hr class="under">';
$query = "SELECT * FROM news ORDER BY date DESC LIMIT 1";
$run = mysqli_query($connect,$query);
if(!$run){
    echo 'sorry';
}
$row = mysqli_fetch_array($run);
  $article_id = $row['article_id'];
  $user_id = $row['user_id'];
  $title = $row['title'];
  $content = $row['content'];
  $date = $row['date'];
  $query = "SELECT username FROM users WHERE ID = '$user_id'";
  $test = mysqli_query($connect,$query);
  $row2 = mysqli_fetch_array($test);
  $user_name = $row2['username'];
  echo '<div class="row">
  <div class="col-lg-12"><h3 class="para"><a class="para" href="/news/article.php?id='.$article_id.'">'.$title.'</a></h3>
  <p class="para">Written by: '.$user_name.'</p>
  </div>
  </div>
  </div>
  </div>
  </div>';
}
 ?>

我注意到,当您登录主页并转到子域时,菜单会显示注册或登录,而不是您的用户名,这是应该做的。
但是,当您单击注册或登录时,它只会刷新页面并向您显示您的用户名和旁边的注销选项。意味着会话在子域中工作,但由于某种原因一开始没有显示,所以你必须刷新它?有人可以解释为什么会这样吗?

编辑:
这是我如何使用 res/menu.php

的示例
<?php
session_start();
include 'res/connection.php';
include 'res/menu.php';
?>
<!DOCTYPE html>
<html>
<head>
  <title>R3D S3C | Home page</title>
  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"/>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
  <link rel="stylesheet" type="text/css" href="css/style1.css"/>
  <link href='https://fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'>
</head>
<body>
<?php menu(); ?>
<h2 class="title">Red Sec</h2>
<p class="para">Long Lorem Ipsum text goes here...</p>
<?php endbd(); ?>
</body>
</html>

编辑 2:
按要求登录页面:

<?php
session_start();
include 'res/connection.php';
include 'res/menu.php';
if(isset($_SESSION['username'])){
  header('Location: profile.php');
}
?>
<!DOCTYPE html>
<html>
<head>
  <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
  <link href="css/style1.css" rel="stylesheet" type="text/css"/>
  <title>Red Sec | Login</title>
</head>
<body>
      <?php
      $error = "";
      $userErr = "";
      $passErr = "";
        if(isset($_POST['Login'])){
          $username = $_POST['username'];
          $password = $_POST['password'];
          if($username == ""){
            $userErr = "Username cannot be empty";
          }else{
            $userErr = "";
          }
          if($password == ""){
            $passErr = "Password cannot be empty";
          }else if(strlen($password) > 32){
              $passErr = "Password too long";
          }
          else{
            $passErr = "";
          }
          if($userErr == "" && $passErr == ""){
            $sql = "SELECT * FROM users WHERE username = '$username' OR email = '$username'";
            $result = mysqli_query($connect,$sql);
            if(!$result){
              $error = "Unable to retrieve information, please try again later.";
            }else if(mysqli_num_rows($result) < 1){
              $error = "This account does not exist!";
            }else{
              $row = mysqli_fetch_array($result);
              $dbpassword = $row['password'];
              $salt = $row['salt'];
              $password = crypt($password,$salt);
              if($password == $dbpassword){
                $_SESSION['id'] = $row['ID'];
                $_SESSION['username'] = $row['username'];
                $_SESSION['email'] = $row['email'];
                $error = "";
                echo "<script>window.location = 'profile.php'</script>";
              }else{
                $error = "username or email / Password combination is wrong!";
              }
            }
          }else{
            $error = "";
          }
        }
      ?>
      <?php menu(); ?>
      <h2 class="title">Log In</h2>
        <form id="register-form" class="text-left" method="post">
            <div class="login-form-main-message"></div>
            <div class="main-login-form">
                <div class="login-group">
          <p class="error"><?php echo $error; ?></p>
                    <div class="form-group">
                        <label for="reg_username" class="sr-only">Username or Email</label>
                        <input type="text" class="form-control" id="reg_username" name="username" placeholder="Username or Email">
            <p class="error"><?php echo $userErr; ?></p>
                    </div>
                    <div class="form-group">
                        <label for="reg_password" class="sr-only">Password</label>
                        <input type="password" class="form-control" id="reg_password" name="password" placeholder="password">
            <p class="error"><?php echo $passErr; ?></p>
          </div>
          <div class="move">
                <button class="button btn btn-primary" value="Login" name="Login">Login</button>
            </div>
    </div>
</div>
        </form>
    <?php endbd(); ?>
</body>
</html>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>

【问题讨论】:

  • 请随意尝试所有密码和用户信息在存储到数据库之前都经过哈希处理
  • 最大服务器出于安全原因不将会话主域转移到子域

标签: javascript php jquery html css


【解决方案1】:

请阅读这篇文章

https://stackoverflow.com/a/11030316/6329312

PHP:

<?php
session_set_cookie_params(0, '/', '.mywebsite.com');
session_start();
//Code...
?>

【讨论】:

    【解决方案2】:

    试试这个方法

    &lt?php 会话名称(“我的会话”); session_set_cookie_params(0,"/",".yoursite.com"); session_start();

    并且您应该能够在整个站点的子域中进行会话

    【讨论】:

    • “子域”实际上是文件夹而不是物理子域,这会改变什么吗?
    • 并非如此,因为所有子域都是同一域根目录下的文件夹
    【解决方案3】:

    我已经解决了所有感兴趣的人。
    注意事项
    你需要这样做:

    ini_set('session.cookie_domain', '.yourdomainhere.com');
    session_set_cookie_params(0, '/', '.yourdomainhere.com');
    

    对我来说这是这两者的混合,你必须把它们放在每个调用 php 函数 session_start() 的页面中;
    你必须把它放在 session_start() 之前; 它对我有用:)
    希望它也适合你

    【讨论】:

    • 为了看到它正常工作,您需要清除缓存并删除浏览器中的所有 cookie
    猜你喜欢
    • 1970-01-01
    • 2016-03-26
    • 2017-04-04
    • 2016-08-26
    • 2015-11-23
    • 1970-01-01
    • 1970-01-01
    • 2014-02-25
    • 1970-01-01
    相关资源
    最近更新 更多