用户不接受Cookies-登录PHP
[英]User doesn't accept Cookies - login PHP
问题描述
In my login code on my website, if the password & username are correct, I set a cookie to keep the user logged in. I just heard from a user that he doesn't accept cookies automatically through his browser, and that that prevents him from logging in. That rhe cookie is not set. 
在我网站上的登录代码中,如果密码和用户名正确,我将设置一个cookie以保持该用户的登录状态。我刚刚听到一个用户的信息,即他不自动通过其浏览器接受cookie,这阻止了他从登录。该rhe cookie未设置。
Is there an easy way to counter that? 有一种简单的方法可以应对吗? Tell me if you need the code I use. 告诉我您是否需要我使用的代码。
1 个解决方案
解决方案1
1 已采纳 2013-04-30 11:34:10
It is possible to get this to work but often a real pain if you're using complex javascript/ajax. 可以使它正常工作,但是如果您使用的是复杂的javascript / ajax,则通常会感到非常痛苦。
In short, instead of storing the session id in a cookie, you embed it at the end of every link. 简而言之,您无需将会话ID存储在cookie中,而是将其嵌入到每个链接的末尾。
so 所以
http://example.com/somepage.php
becomes 变
http://example.com/somepage.php?SessionId=ABC123
Unfortunately, while PHP can do this for you in some cases, it doesn't help with links you build yourself in javascript - and it only takes clicking a single link without the id to effectively log the user out 不幸的是,尽管在某些情况下PHP可以为您完成此操作,但它对使用javascript构建自己的链接没有帮助-它仅需单击单个链接而无需id即可有效注销用户
See this page for more information 请参阅此页面以获取更多信息
As mentioned by Quentin in the comments, if you're not using a cookie to identify the browser which created the session, it's possible that sharing a link would share the session. 正如昆汀在评论中提到的那样,如果您不使用cookie来标识创建会话的浏览器,则共享链接可能会共享会话。 This could be mitigated but not prevented by checking IP address/user agent but this would likely fail in large corporate environments with NAT and standard browsers 可以通过检查IP地址/用户代理来缓解这种情况,但不能避免这种情况,但这在使用NAT和标准浏览器的大型公司环境中可能会失败
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.