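PHP session problem

I have a hell of a problem that I can't figure out for the life of me. I built a super simple CMS for a client. Every different page of the CMS has an include of a file called session.php.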
session_start();
$username = $_SESSION['siteadmin'];
if (!$_SESSION['siteadmin']){
header('Location: login.php?status=2');
}
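Every once in a while, random stuff disappears from the database. So I set up a crude logging system that records any action taken through the CMS. Well, it happened again. The log shows: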
Logged in **.**.237.209 17:18 <-- thats me
Deleted board member id 12 195.42.102.25 16:49
Deleted board member id 15 195.42.102.25 16:49
Deleted board member id 8 195.42.102.25 16:49
Deleted board member id 10 195.42.102.25 16:49
Deleted board member id 9 195.42.102.25 16:49
Deleted board member id 4 195.42.102.25 16:49
Deleted board member id 3 195.42.102.25 16:49
Deleted board member id 5 195.42.102.25 16:49
Deleted board member id 6 195.42.102.25 16:49
Deleted board member id 11 195.42.102.25 16:49
Deleted board member id 7 195.42.102.25 16:49
Deleted review id 2 195.42.102.25 16:49
Deleted review id 3 195.42.102.25 16:49
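And it goes on for several pages. It doesn't even show 195.42.102.25 logging in! The last time it happened, it was from 195.128.18.19. How are they loading the pages without the session variable? Is there a security hole in my code that I'm completely overlooking?!
Any insight into this problem would be great.
Thanks,
What's in your "session.php" file? – Arno 2010-01-06 09:17:58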
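One thing visible in the session.php guard posted in the question: `header('Location: ...')` only queues a response header and does not stop the script, so the rest of the including page still executes for a request that has no session. The following is an added example of a hardened guard, not the poster's code; the function names `require_admin` and `require_post_with_token` and the `csrf_token` session key are assumptions made for illustration.

```php
<?php
// session.php, hardened form (added example; helper names are hypothetical)
session_start();

// Stop the request unless an admin session exists.
function require_admin(): string
{
    if (empty($_SESSION['siteadmin'])) {
        header('Location: login.php?status=2');
        // header() does not end execution. Without exit, everything after
        // the include (including any delete query) would still run.
        exit;
    }
    return (string) $_SESSION['siteadmin'];
}

// Call at the top of any page that changes or deletes data.
// Plain GET links are refused, so following a URL cannot trigger a delete.
function require_post_with_token(): void
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        header('Allow: POST');
        exit;
    }
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit;
    }
}

$username = require_admin();

// One token per session; emit it as a hidden field in every delete form.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// In a page that deletes a record (hypothetical usage):
//   require 'session.php';
//   require_post_with_token();
//   ... run the DELETE with a prepared statement and write the log entry ...
```

With this guard, a request without a session receives only the redirect, so no log entry for a delete can appear from an address that never logged in.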