0
因此,我有index.php (root)
用户提交表单,它重新生成页面加载时的session_id并存储在隐藏的输入中。持续当前会话无论页面重新加载
在进入在root index.php
文件中的数据,它们被发送到一profile page
,其具有:
session_start(); // Bring in old sessionID
$sess_id = session_id();
// If no sessionID redirect back home.
if(empty($sess_id)) {
header('Location: ../index.php');
}
// If don't enter, then reload page, redirect back home
elseif(empty($_POST['firstNm']) || empty($_POST['lastNm'])) {
header('Location: ../index.php');
}
// If sessionID first send off this data inputted from ../index.php then regenerate session id and update db
else {
// Connect to db
$_SERVER['DOCUMENT_ROOT'] = 'SiteRoot/';
// Grabs a new user's : username, pass, email from default [index.php] once submitted
require_once($_SERVER['DOCUMENT_ROOT'].'cfg/'.'dbi.php');
require_once($_SERVER['DOCUMENT_ROOT'].'registration/'.'inituserCredentialsGrab.php');
// After submitting original values, update new session ID in database since original was viewable via source hidden inputs
require_once($_SERVER['DOCUMENT_ROOT'].'registration/'.'newUserSessIDInitReg.php');
}
此文件基本上得到所有的初始输入。获取通过查看源...可见的初始session_id并重新生成它。重新生成后,它提交给数据库。
问题是,如果我转到RELOAD
页面,它似乎再次重新生成该ID。我该如何解决这个问题,以便无论在当前浏览器会话期间刷新多少次,都不会执行regenerate_id
?