1. 首页
  2. 问答
  3. 为什么会话ID经常变化?

为什么会话ID经常变化?

2017-04-03 82 views
1

我已经在数据库中设置了会话存储。当我拨打session_destroy时,它会在数据库中搜索特定session_id以删除它。为什么会话ID经常变化?

由于会话ID经常变化,新的session_id与之前存储的db session_id不匹配,所以这些会话数据不会被删除。即使gc也无法正常工作。所有会话数据都被保存到数据库中,但不会被破坏。

DbSessionHandler.php

class DbSessionHandler implements SessionHandlerInterface{ 

public $dbconnect; 
public function __construct($db){ 
    $this->dbconnect=$db; 
    session_set_save_handler(
     array($this, 'open'), 
     array($this, 'close'), 
     array($this, 'read'), 
     array($this, 'write'), 
     array($this, 'destroy'), 
     array($this, 'gc') 
    ); 
    register_shutdown_function(session_write_close()); 
    session_start(); 
} 

//make sure whether db connection is successfull 
public function open($savepath, $id) 
{ 
    return $this->dbconnect ? true : false; 
} 

public function close() 
{ 
    return true; 
} 

//read from database based on id, always return a string even if it is empty 
public function read($id) 
{ 
    $data = ""; //declare empty string, if no data found, can return this empty string 
    $session_row = $this->dbconnect->prepare("select session_data from session_store where session_id=:id"); 
    $session_row->execute(array(":id" => $id)); 
    if ($session_row->rowCount() > 0) { 
     $datas = $session_row->fetch(); 
     $data=$datas["session_data"]; 
    } 
    return $data; 

} 

/** 
* Write session_data using replace query (which does either insert or update) 
*/ 
public function write($id, $data) 
{ 
    if(!(empty($data))) { 
     $time = time(); 
     $session_write = $this->dbconnect->prepare("REPLACE INTO session_store VALUES(:id,:data,:expire)"); 
     if ($session_write->execute(array(":id" => $id, ":data" => $data, ":expire" => $time))) { 
      return true; 
     } 
    } 
    return false; 
} 

/** 
* Destroy 
*/ 
public function destroy($id) 
{ 
    $destroy = $this->dbconnect->prepare("delete from session_store where session_id = :id"); 
    if ($destroy->execute(array(":id" => $id))) { 
     return true; 
    } 
    return false; 
} 

/** 
* Garbage Collection 
*/ 
public function gc($max) 
{ 
    //Delete all records who have passed the expiration time 
    $time=time(); 
    $delete = $this->dbconnect->prepare("delete from session_store where session_expire < :oldtime"); 
    if ($delete->execute(array(":oldtime" => $time - $max))) { 
     return true; 
    } 
    return false; 
}

}

其启动会话

php文件:

function initiate_session() 
{ 
$session_hash = 'sha512'; 
$session_name = 'some_name'; 
$secure = false; 
$httponly = true; 
ini_set('session.use_only_cookies', 1); 
ini_set('session.hash_function', $session_hash); 
ini_set('session.hash_bits_per_character', 5); 
$cookieParams = session_get_cookie_params(); 
session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $secure, $httponly); 
session_name($session_name); 
new DbSessionHandler(db_connect());

}

session_id

在此图片中,您可以看到,表中的session_id和脚本中的session_id不同,使得数据库中的会话数据不会被删除。

来源

2017-04-03 Learning

+0

Session_id是否更改记录的用户或新用户? –

+0

登录的用户。有时会删除一些会话记录,因为没有会话ID更改。有时它不会因相同用户的不同会话ID而被删除。所以事情并不总是会话ID的变化。 – Learning

回答

-1

尝试使用此 session_regenerate_id(true);

传递TRUE布尔值会在创建另一个时破坏旧的会话ID。你可以将这个添加到initiate_session()函数中。

来源

2017-04-04 07:14:55

相关问题

 相关问题