PHP session variable shows as empty on refresh

2019-06-05 04:17发布

To pretty up my url and make the multi-step activation process easier, I've programmed my page to store the userID and activation code from the activation email as session variables. When a userID and actCode are in the url, it saves them as session variables, then redirects to activate (I've used htaccess to take off the .php part)

It works the first time (when the page refreshes itself) but when you move to a different step or refresh the page manually, it erases them.

Here's my code:

  <?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();

if ( (!empty($_GET['u'])) && (!empty($_GET['a'])) ) {
    $_SESSION["activate_userID"]        = $_GET['u'];
    $_SESSION["activate_actCode"]       = $_GET['a'];
    header( 'Location:activate') ;
}else{
    $userID = $_SESSION["activate_userID"];
    $actCode = $_SESSION["activate_actCode"];
    echo 'session variable found: '.$actCode;
}

if ($actCode == ""){$actCode = "nUlL";}


require "***connection script***";



$checkCode = "SELECT ***account details***, `activationExpire` FROM `users` WHERE `userID` = \"$userID\"; ";
$result = $conn->query($checkCode);

if ($result->num_rows > 0) {
    // output data of each row
    while($actInfo = $result->fetch_assoc()) {
    *** account details are here ***
    $step               =   $actInfo['activationStatus'];
    $activationCode     =   $actInfo['activationCode'];
    $activationExpire   =   $actInfo['activationExpire'];
    }
}
?>

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
    <title>Activate - FiestaUSA</title>
    <link href="includes/css/materialize.min.css" type="text/css" rel="stylesheet" media="screen,projection"/>
    <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">

</head>

<body class="blue" background="includes/images/bg.jpg" style="background-size: cover;">
    <div class="row">
        <div class="col s10 m8 l6 offset-s1 offset-m2 offset-l3" style="padding-top: 50px">
            <div class="card-panel z-depth-2 ">
                <div class="row center">
                    <img src="includes/images/white480.png">
                </div>
                <div class="row">

    <?php
                $now = date('Y-m-d H:i:s');
                if($actCode !== $activationCode) {
          echo '
              <p>
                  There was a problem activating your account. Please email
                  <a href="mailto:activation@fiestausa.com?Subject=Account%20Activation">activation@fiestausa.com</a>
              </p>
          ';
        }
        elseif ($activationExpire < $now){
                    echo '
                            <p>
                                    Your activation code has expired. Please email
                                    <a href="mailto:activation@fiestausa.com?Subject=Account%20Activation">activation@fiestausa.com</a>
                            </p>
                    ';

                ;} else {

                    if ($step == 6){
                        header( 'Location:signin') ;
                    }

                    if ($step == 5){
                        require "includes/php/activation/s5.php";
                    }

                    if ($step == 4){
                        require "includes/php/activation/s4.php";
                    }

          elseif ($step == 3){
            require "includes/php/activation/s3.php";
          }

          elseif ($step == 2){
            require "includes/php/activation/s2.php";
          }

          elseif ($step == 1){
            require "includes/php/activation/s1.php";
          }
        }
    ?>
                </div>
            </div>
        </div>
    </div>
</body>

</html>

You can test it at http://fiestausa.com/myevent/activate.php?u=2&a=fiverr

1条回答
地球回转人心会变
2楼-- · 2019-06-05 05:08

A reason why your session may be returning unexpected behaviour. You mentioned a redirect you are issuing. But are you redirecting to the same domain and subdomain?

If your website is querying both www and non-www versions, then you may be getting different sessions because they are being treated as different sub-domains. You can change your htaccess to fix this, or you can check by going into your development console and typing document.cookie and comparing the two pages.

查看更多
登录 后发表回答