21,893
社区成员
发帖
与我相关
我的任务
分享SESSION被覆蓋
事件產生過程:
1.在A電腦以用戶admin登陸系統,並將用戶ID保存到SESSION
2.在B電腦以用戶test登陸系統,並將用戶保存到SESSION
3.在A電腦顯示頁面顯示當前用戶為test
說明A電腦的SESSION在B電腦以test登陸時覆蓋了,不知何原因......
1.在A電腦以用戶admin登陸系統,並將用戶ID保存到SESSION
2.在B電腦以用戶test登陸系統,並將用戶保存到SESSION
3.在A電腦顯示頁面顯示當前用戶為test
說明A電腦的SESSION在B電腦以test登陸時覆蓋了,不知何原因......
...全文
请发表友善的回复…
发表回复
jaxio 2009-12-29
- 打赏
- 举报
session.auto_start Off Off 改为 on 试试
jaxio 2009-12-29
- 打赏
- 举报
session
Session Support enabled
Registered save handlers files user
Directive Local Value Master Value
session.auto_start On On
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path c:/php/tmp c:/php/tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off
tfxg 2009-12-29
- 打赏
- 举报
session
Session Support enabled
Registered save handlers files user sqlite
Registered serializer handlers php php_binary wddx
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path D:\xampp\tmp D:\xampp\tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0
Session Support enabled
Registered save handlers files user sqlite
Registered serializer handlers php php_binary wddx
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path D:\xampp\tmp D:\xampp\tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0
tfxg 2009-12-29
- 打赏
- 举报
$user=$_POST['username'];$pwd=$_POST['password'];
$pwd=md5($_POST['password']);
$sql = "select * from user where binary userName='$user'";
$sql = $sql . " and pwd = '$pwd'";
$result=mysql_query($sql) or die(mysql_error().$sql);
$row=mysql_fetch_array($result);
if(!mysql_num_rows($result)==0)
{
session_register('user');
session_register('deptID');
session_register('userID');
session_register('level');
$_SESSION['user']=$user;
$_SESSION['deptID']=$row['deptID'];
$_SESSION['userID']=$row['userID'];
$_SESSION['level']=$row['level'];
echo "<script language='javascript'>window.location.href='admin.php';</script>";
}
每頁的最前加了session_start();
jaxio 2009-12-29
- 打赏
- 举报
多试几次,看看。如果还这样,顺便看看phpinfo中session 的配置是否正常
ClintNorthwood 2009-12-29
- 打赏
- 举报
session_id 是唯一的,一般不会发生覆盖情况,可以把操作session部分的代码贴上来么?
iwantnet 2009-12-29
- 打赏
- 举报
呵呵,虚惊一场
tfxg 2009-12-29
- 打赏
- 举报
未做任何修改,已經正常
iwantnet 2009-12-29
- 打赏
- 举报
如果在页面开始设置session_start();
就真接可以使用 $SESSION[userID]=$row[userID];
不需要在加session_register('user');
就真接可以使用 $SESSION[userID]=$row[userID];
不需要在加session_register('user');
foolbirdflyfirst 2009-12-29
- 打赏
- 举报
session_start()前面没有session_id的设置吧?
苍蝇①号 2009-12-29
- 打赏
- 举报
学习
