Ion_auth - 一个会话中有多个用户
Ion_auth - multiple users on one session
我已经将 ion_auth 与 codeigniter 一起用于系统 3 年了。突然间,会话无法正常工作。
当用户 A 登录网站时,他们的会话似乎与所有其他用户共享。因此,当用户 B 然后导航到任何路由时,它们 "logged in" 具有用户 A 的凭据。
我已经对多个用户进行了测试,只要一个用户登录该站点,访问该站点的所有其他用户都会自动使用该用户的凭据/会话登录。
如果用户注销并调用 auth/logout 路由,会话不会被销毁并且所有用户在该会话中保持登录状态。
登录后的初始重定向转到 /vehicle/index。一旦您导航到任何其他检查用户是否已登录的页面,您将被重定向到登录。
主控制器代码:
public function vehicle()
{
if (!$this->ion_auth->logged_in())
{
redirect('auth/login');
}
else {
if (!$this->ion_auth->is_admin()) {
/**
*
* User IS NOT admin
*
**/
// Get User_id if standard user
$user = $this->ion_auth->user()->row();
// Build Crud
控制器auth.php
public function logout()
{
$this->data['title'] = "Logout";
// log the user out
$logout = $this->ion_auth->logout();
// redirect them to the login page
$this->session->set_flashdata('message', $this->ion_auth->messages());
redirect('auth/login', 'refresh');
}
服务器 PHP 版本 5.6.30 - 构建日期 2017 年 2 月 3 日 07:51:58
Codeigniter 版本 2.2.1 - 版本未更改
Ion_Auth 配置:
$config['hash_method'] = 'bcrypt'; // sha1 or bcrypt, bcrypt is
STRONGLY recommended
$config['default_rounds'] = 8; // This does not apply if random_rounds is set to true
$config['random_rounds'] = FALSE;
$config['min_rounds'] = 5;
$config['max_rounds'] = 9;
$config['salt_prefix'] = version_compare(PHP_VERSION, '5.3.7', '<') ? 'a$' : 'y$';
/*
| -------------------------------------------------------------------------
| Authentication options.
| -------------------------------------------------------------------------
| maximum_login_attempts: This maximum is not enforced by the library, but is
| used by $this->ion_auth->is_max_login_attempts_exceeded().
| The controller should check this function and act
| appropriately. If this variable set to 0, there is no maximum.
*/
$config['site_title'] = "Cars in the park"; // Site Title, example.com
$config['admin_email'] = "nice@verynice.co.za"; // Admin Email, admin@example.com
$config['default_group'] = 'members'; // Default group, use name
$config['admin_group'] = 'admin'; // Default administrators group, use name
$config['identity'] = 'email'; // A database column which is used to login with
$config['min_password_length'] = 8; // Minimum Required Length of Password
$config['max_password_length'] = 20; // Maximum Allowed Length of Password
$config['email_activation'] = TRUE; // Email Activation for registration
$config['manual_activation'] = TRUE; // Manual Activation for registration
$config['remember_users'] = FALSE; // Allow users to be remembered and enable auto-login
$config['user_expire'] = 30; // How long to remember the user (seconds). Set to zero for no expiration
$config['user_extend_on_login'] = FALSE; // Extend the users cookies every time they auto-login
$config['track_login_attempts'] = TRUE; // Track the number of failed login attempts for each user or ip.
$config['track_login_ip_address'] = TRUE; // Track login attempts by IP Address, if FALSE will track based on identity. (Default: TRUE)
$config['maximum_login_attempts'] = 3; // The maximum number of failed login attempts.
$config['lockout_time'] = 600; // The number of seconds to lockout an account due to exceeded attempts
$config['forgot_password_expiration'] = 0; // The number of milliseconds after which a forgot password request will expire. If set to 0, forgot password requests will not expire.
会话配置:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 30;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update'] = 30;
会话变量(用于登录用户。所有其他用户在会话中具有相同的信息):
stdClass Object ( [id] => 1148 [ip_address] => [username] => testing [password] => y$Q4fjUfsuOKM/Q8cnQt6j0uSXP.3mCqMnzDY1nBA9RDlwm [salt] => sadsda [email] => email@email.com [activation_code] => [forgotten_password_code] => [forgotten_password_time] => [remember_code] => [created_on] => 1426181328 [last_login] => 1490008619 [active] => 1 [first_name] => Name [last_name] => Testing [company] => [phone] => [user_id] => 1148 )
更改配置中的以下设置:
$config['sess_driver'] = 'database';
$config['sess_save_path'] = 'ci_sessions';
创建 Table ci_sessions:
对于MySQL:
DROP TABLE IF EXISTS `ci_sessions`;
CREATE TABLE IF NOT EXISTS `ci_sessions` (
`id` varchar(128) NOT NULL,
`ip_address` varchar(45) NOT NULL,
`timestamp` int(10) unsigned DEFAULT 0 NOT NULL,
`data` blob NOT NULL,
KEY `ci_sessions_timestamp` (`timestamp`)
);
对于 PostgreSQL:
CREATE TABLE "ci_sessions" (
"id" varchar(128) NOT NULL,
"ip_address" varchar(45) NOT NULL,
"timestamp" bigint DEFAULT 0 NOT NULL,
"data" text DEFAULT '' NOT NULL
);
CREATE INDEX "ci_sessions_timestamp" ON "ci_sessions" ("timestamp");
将数据库用作会话驱动程序
“数据库”驱动程序使用关系数据库,例如 MySQL 或 PostgreSQL 来存储会话。这是许多用户的流行选择,因为它允许开发人员轻松访问应用程序中的会话数据 - 它只是数据库中的另一个 table。
但是,必须满足一些条件:
- 只能使用您的默认数据库连接(或您从控制器访问的
$this->db)。
- 您必须启用查询生成器。
- 您可以不使用持久连接。
- 您可以不使用启用cache_on设置的连接。
这是服务器问题(共享主机)。我将完整的应用程序移至新主机(vps 托管),一切都像以前一样工作。
按照 Rafiq 和其他评论员的建议更改为 DB 会话确实有助于测试。
我已经将 ion_auth 与 codeigniter 一起用于系统 3 年了。突然间,会话无法正常工作。
当用户 A 登录网站时,他们的会话似乎与所有其他用户共享。因此,当用户 B 然后导航到任何路由时,它们 "logged in" 具有用户 A 的凭据。
我已经对多个用户进行了测试,只要一个用户登录该站点,访问该站点的所有其他用户都会自动使用该用户的凭据/会话登录。
如果用户注销并调用 auth/logout 路由,会话不会被销毁并且所有用户在该会话中保持登录状态。
登录后的初始重定向转到 /vehicle/index。一旦您导航到任何其他检查用户是否已登录的页面,您将被重定向到登录。
主控制器代码:
public function vehicle()
{
if (!$this->ion_auth->logged_in())
{
redirect('auth/login');
}
else {
if (!$this->ion_auth->is_admin()) {
/**
*
* User IS NOT admin
*
**/
// Get User_id if standard user
$user = $this->ion_auth->user()->row();
// Build Crud
控制器auth.php
public function logout()
{
$this->data['title'] = "Logout";
// log the user out
$logout = $this->ion_auth->logout();
// redirect them to the login page
$this->session->set_flashdata('message', $this->ion_auth->messages());
redirect('auth/login', 'refresh');
}
服务器 PHP 版本 5.6.30 - 构建日期 2017 年 2 月 3 日 07:51:58
Codeigniter 版本 2.2.1 - 版本未更改
Ion_Auth 配置:
$config['hash_method'] = 'bcrypt'; // sha1 or bcrypt, bcrypt is
STRONGLY recommended
$config['default_rounds'] = 8; // This does not apply if random_rounds is set to true
$config['random_rounds'] = FALSE;
$config['min_rounds'] = 5;
$config['max_rounds'] = 9;
$config['salt_prefix'] = version_compare(PHP_VERSION, '5.3.7', '<') ? 'a$' : 'y$';
/*
| -------------------------------------------------------------------------
| Authentication options.
| -------------------------------------------------------------------------
| maximum_login_attempts: This maximum is not enforced by the library, but is
| used by $this->ion_auth->is_max_login_attempts_exceeded().
| The controller should check this function and act
| appropriately. If this variable set to 0, there is no maximum.
*/
$config['site_title'] = "Cars in the park"; // Site Title, example.com
$config['admin_email'] = "nice@verynice.co.za"; // Admin Email, admin@example.com
$config['default_group'] = 'members'; // Default group, use name
$config['admin_group'] = 'admin'; // Default administrators group, use name
$config['identity'] = 'email'; // A database column which is used to login with
$config['min_password_length'] = 8; // Minimum Required Length of Password
$config['max_password_length'] = 20; // Maximum Allowed Length of Password
$config['email_activation'] = TRUE; // Email Activation for registration
$config['manual_activation'] = TRUE; // Manual Activation for registration
$config['remember_users'] = FALSE; // Allow users to be remembered and enable auto-login
$config['user_expire'] = 30; // How long to remember the user (seconds). Set to zero for no expiration
$config['user_extend_on_login'] = FALSE; // Extend the users cookies every time they auto-login
$config['track_login_attempts'] = TRUE; // Track the number of failed login attempts for each user or ip.
$config['track_login_ip_address'] = TRUE; // Track login attempts by IP Address, if FALSE will track based on identity. (Default: TRUE)
$config['maximum_login_attempts'] = 3; // The maximum number of failed login attempts.
$config['lockout_time'] = 600; // The number of seconds to lockout an account due to exceeded attempts
$config['forgot_password_expiration'] = 0; // The number of milliseconds after which a forgot password request will expire. If set to 0, forgot password requests will not expire.
会话配置:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 30;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update'] = 30;
会话变量(用于登录用户。所有其他用户在会话中具有相同的信息):
stdClass Object ( [id] => 1148 [ip_address] => [username] => testing [password] => y$Q4fjUfsuOKM/Q8cnQt6j0uSXP.3mCqMnzDY1nBA9RDlwm [salt] => sadsda [email] => email@email.com [activation_code] => [forgotten_password_code] => [forgotten_password_time] => [remember_code] => [created_on] => 1426181328 [last_login] => 1490008619 [active] => 1 [first_name] => Name [last_name] => Testing [company] => [phone] => [user_id] => 1148 )
更改配置中的以下设置:
$config['sess_driver'] = 'database';
$config['sess_save_path'] = 'ci_sessions';
创建 Table ci_sessions:
对于MySQL:
DROP TABLE IF EXISTS `ci_sessions`;
CREATE TABLE IF NOT EXISTS `ci_sessions` (
`id` varchar(128) NOT NULL,
`ip_address` varchar(45) NOT NULL,
`timestamp` int(10) unsigned DEFAULT 0 NOT NULL,
`data` blob NOT NULL,
KEY `ci_sessions_timestamp` (`timestamp`)
);
对于 PostgreSQL:
CREATE TABLE "ci_sessions" (
"id" varchar(128) NOT NULL,
"ip_address" varchar(45) NOT NULL,
"timestamp" bigint DEFAULT 0 NOT NULL,
"data" text DEFAULT '' NOT NULL
);
CREATE INDEX "ci_sessions_timestamp" ON "ci_sessions" ("timestamp");
将数据库用作会话驱动程序
“数据库”驱动程序使用关系数据库,例如 MySQL 或 PostgreSQL 来存储会话。这是许多用户的流行选择,因为它允许开发人员轻松访问应用程序中的会话数据 - 它只是数据库中的另一个 table。
但是,必须满足一些条件:
- 只能使用您的默认数据库连接(或您从控制器访问的
$this->db)。 - 您必须启用查询生成器。
- 您可以不使用持久连接。
- 您可以不使用启用cache_on设置的连接。
这是服务器问题(共享主机)。我将完整的应用程序移至新主机(vps 托管),一切都像以前一样工作。
按照 Rafiq 和其他评论员的建议更改为 DB 会话确实有助于测试。