<?php
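// Diagnostic page for basic session hygiene: idle timeout, a User-Agent
// consistency check, and session renewal when either check fails.
//
// NOTE(review): this page prints the session ID, which is a bearer credential,
// and exposes state-changing test actions over plain GET links with no CSRF
// token. Both are acceptable only on a non-production diagnostic page.

// Buffer output so that the session_start() / session_regenerate_id() calls
// made after the first echo can still send their Set-Cookie header. Without
// buffering they fail with "headers already sent" and the renewal is silently
// ineffective. The buffer is flushed automatically at script end or on exit.
ob_start();

// Options applied to every session_start() call in this script.
// use_strict_mode makes PHP reject session IDs it did not issue itself
// (session fixation); cookie_httponly keeps the cookie away from page scripts.
// NOTE(review): consider also cookie_secure / cookie_samesite once the
// deployment is known to be HTTPS-only on a PHP version that supports them.
$session_options = [
    'use_strict_mode' => true,
    'cookie_httponly' => true,
];

// Escapes a value for HTML text and for single- or double-quoted attributes.
$esc = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

session_start($session_options);

// Idle timeout in seconds.
$session_timeout = 1800;

// The header may be absent (CLI, some bots); default to '' instead of
// raising an undefined-index warning.
$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? '';

// PHP_SELF includes any client-supplied PATH_INFO, so it must be escaped
// before it is placed inside an href attribute.
$self = $esc($_SERVER['PHP_SELF'] ?? '');

echo "<h1>Session ID 基本检查</h1>\n";
echo "<p>当前 Session ID: " . $esc(session_id()) . "</p>\n";

$need_action = false;
$action_reason = "";

// Check 1: a session ID must exist at all.
if (empty(session_id())) {
    $need_action = true;
    $action_reason = "Session ID 不存在";
}

// Check 2: idle timeout measured from the last recorded activity.
if (!$need_action && isset($_SESSION['last_activity'])) {
    $inactive_time = time() - $_SESSION['last_activity'];
    if ($inactive_time > $session_timeout) {
        $need_action = true;
        $action_reason = "Session 已超时(非活动时间: {$inactive_time} 秒,超过限制: {$session_timeout} 秒)";
    }
}

// Check 3: the User-Agent must match the one stored when the session was
// created. The header is fully client-controlled, so this is only a weak
// heuristic and not a defence on its own.
if (!$need_action && isset($_SESSION['user_agent'])) {
    if ($_SESSION['user_agent'] !== $user_agent) {
        $need_action = true;
        $action_reason = "用户代理不匹配 - 可能的Session劫持";
    }
}

if ($need_action) {
    echo "<div style='border: 2px solid red; padding: 15px; margin: 10px 0; background: #ffebee;'>\n";
    echo "<h2 style='color: red;'>⚠ Session 问题检测</h2>\n";
    echo "<p><strong>问题:</strong> {$action_reason}</p>\n";

    // Discard the suspect session completely, then start a fresh one under a
    // new ID so nothing from the old session carries over.
    session_unset();
    session_destroy();
    session_start($session_options);
    session_regenerate_id(true);

    $_SESSION['last_activity'] = time();
    $_SESSION['created_at'] = time();
    $_SESSION['user_agent'] = $user_agent;

    echo "<p style='color: blue;'><strong>处理:</strong> 已创建新的安全Session</p>\n";
    echo "<p><strong>新 Session ID:</strong> " . $esc(session_id()) . "</p>\n";
    echo "</div>\n";
} else {
    if (!isset($_SESSION['last_activity'])) {
        // First request of this session: issue a server-chosen ID before any
        // state is stored, so an ID planted in the cookie is never adopted
        // even where strict mode is not honoured by the save handler.
        session_regenerate_id(true);

        $_SESSION['last_activity'] = time();
        $_SESSION['created_at'] = time();
        $_SESSION['user_agent'] = $user_agent;

        echo "<div style='border: 2px solid green; padding: 15px; margin: 10px 0; background: #e8f5e8;'>\n";
        echo "<h2 style='color: green;'>✓ 新 Session 已创建</h2>\n";
        echo "</div>\n";
    } else {
        // Valid session: refresh the activity timestamp. The idle window
        // restarts here, so the full timeout remains.
        $_SESSION['last_activity'] = time();
        $remaining_time = $session_timeout;

        echo "<div style='border: 2px solid green; padding: 15px; margin: 10px 0; background: #e8f5e8;'>\n";
        echo "<h2 style='color: green;'>✓ Session 有效</h2>\n";
        echo "<p>剩余有效时间: {$remaining_time} 秒</p>\n";
        echo "</div>\n";
    }
}

// NOTE(review): created_at is recorded but no absolute session lifetime is
// enforced; only the idle timeout above ends a session.
echo "<h2>Session 信息</h2>\n";
echo "<table border='1' cellpadding='8' cellspacing='0' style='border-collapse: collapse; margin: 10px 0;'>\n";
echo "<tr style='background: #f0f0f0;'><th>属性</th><th>值</th></tr>\n";
echo "<tr><td>Session ID</td><td>" . $esc(session_id()) . "</td></tr>\n";
if (isset($_SESSION['created_at'])) {
    echo "<tr><td>创建时间</td><td>" . date('Y-m-d H:i:s', $_SESSION['created_at']) . "</td></tr>\n";
}
if (isset($_SESSION['last_activity'])) {
    echo "<tr><td>最后活动时间</td><td>" . date('Y-m-d H:i:s', $_SESSION['last_activity']) . "</td></tr>\n";
    $inactive_time = time() - $_SESSION['last_activity'];
    echo "<tr><td>非活动时间</td><td>{$inactive_time} 秒</td></tr>\n";
}
echo "<tr><td>超时设置</td><td>{$session_timeout} 秒</td></tr>\n";
echo "</table>\n";

echo "<h2>测试功能</h2>\n";
echo "<div style='margin: 20px 0;'>\n";
echo "<a href='" . $self . "' style='display: inline-block; padding: 10px 15px; background: #007cba; color: white; text-decoration: none; margin-right: 10px;'>刷新检查</a>\n";
echo "<a href='" . $self . "?test=timeout' style='display: inline-block; padding: 10px 15px; background: #ffc107; color: black; text-decoration: none; margin-right: 10px;'>模拟超时</a>\n";
echo "<a href='" . $self . "?test=destroy' style='display: inline-block; padding: 10px 15px; background: #dc3545; color: white; text-decoration: none;'>销毁Session</a>\n";
echo "</div>\n";

// Test hooks. Only the two literal values are honoured; the strict comparison
// also rejects array-valued parameters such as ?test[]=x.
if (isset($_GET['test'])) {
    $test = $_GET['test'];
    if ($test === 'timeout') {
        // Back-date the activity stamp so the next request trips the idle check.
        $_SESSION['last_activity'] = time() - $session_timeout - 100;
        echo "<div style='background: #fff3cd; border: 1px solid #ffeaa7; padding: 10px; margin: 10px 0;'>\n";
        echo "已模拟Session超时,请刷新页面查看效果\n";
        echo "</div>\n";
    } elseif ($test === 'destroy') {
        session_unset();
        session_destroy();
        echo "<div style='background: #f8d7da; border: 1px solid #f5c6cb; padding: 10px; margin: 10px 0;'>\n";
        echo "Session已销毁。<a href='" . $self . "'>点击重新开始</a>\n";
        echo "</div>\n";
        exit;
    }
}

echo "<hr>\n";
echo "<p><small>页面生成时间: " . date('Y-m-d H:i:s') . "</small></p>\n";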
?>
