我有一个网页.对网页的身份验证由我设置的ldap服务器处理.现在我不想实现会话,因此当用户处于非活动状态一段时间(在下面的情况下,10秒)时,会话将结束,用户将从ldap服务器取消绑定.我发现这段代码摘录:
<?php
session_cache_expire(20);
session_start();
$inactive = 10;
if(isset($_SESSION['start'])) {
$session_life = time() - $_SESSION['start'];
if($session_life > $inactive){
header("Location: endSession.php");
}
}
$_SESSION['start'] = time();
?>
它不起作用.如果我刷新页面,它会将我重定向到我的'endSession.php'页面,即使我是活跃的.
function check_auth_ldap () {
$sessionTimeoutSecs = 10;
$ldapServer = '11.22.33.44';
$ldapPort = 389;
if (!isset($_SESSION)) session_start();
if (!empty($_SESSION['lastactivity']) && $_SESSION['lastactivity'] > time() - $sessionTimeoutSecs && !isset($_GET['logout'])) {
// Session is already authenticated
$ds = ldap_connect($ldapServer, $ldapPort);
if (ldap_bind($ds, $_SESSION['username'], $_SESSION['password'])) {
$_SESSION['lastactivity'] = time();
return $ds;
} else {
unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
header("Location: endSession.php");
exit;
}
} else if (isset($_POST['username'], $_POST['password'])) {
// Handle login requests
$ds = ldap_connect($ldapServer, $ldapPort);
if (ldap_bind($ds, $_POST['username'], $_POST['password'])) {
// Successful auth
$_SESSION['lastactivity'] = time();
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
return $ds;
} else {
// Auth failed
header("Location: endSession.php");
exit;
}
} else {
// Session has expired or a logout was requested
unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
header("Location: endSession.php");
exit;
}
}
只需在每个受保护页面的顶部调用上述功能即可.这将处理所有身份验证过程.如果用户通过身份验证,它将返回LDAP连接资源,如果endSession.php不是,则将其重定向到.
只需将此行放在每个页面的顶部:
$ds = check_auth_ldap();
...而且该功能将为您完成所有的腿部工作.