|
其他网络登录正常,在特定的无线网络下登录时,总是失败,错误日志记载
ERROR - 2013-08-14 16:47:21 --> The session cookie data did not match what was expected. This could be a possible hacking attempt.
是执行到下面 if ($hash !== md5($session.$this->encryption_key))
是销毁了session,而且在系统session表中 会在同一时间插入三条session 有两条没有user_date值的。(注:这个机制是采用stblog的)
请教解决方法。
system/libraries/session.php
// encryption was not used, so we need to check the md5 hash
$hash = substr($session, strlen($session)-32); // get last 32 chars
$session = substr($session, 0, strlen($session)-32);
// Does the md5 hash match? This is to prevent manipulation of session data in userspace
if ($hash !== md5($session.$this->encryption_key))
{
log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
$this->sess_destroy();
return FALSE;
}
|
|