
How to store IP in the PHPSESSID?

Today I learned the difference between COOKIES and SESSION.

Now I would like to create a login. The main idea is the following:

$ip = $_SERVER['REMOTE_ADDR'];
$session_ip = $_SESSION['PHPSESSID']['ip'];

if ( (session_id() === $_COOKIE['PHPSESSID']) && ($ip === $session_ip) ){
    return (true);
} else {
    return (false);
}

I would like to check if the IP is the same as the one that a user had the last time he logged in. So when the SESSION starts it will create the $_COOKIE['PHPSESSID'] on the client side. The server will store the SESSION somewhere on the server and can identify the SESSION with session_id().

Basically it should be the same as this part says:

session_id() === $_COOKIE['PHPSESSID']

Now, the problem is the part saving the IP to that SESSION.

How can I access this SESSION to handle it like an Array? Normally I would do it like this:

$ip = $_SERVER['REMOTE_ADDR'];
$_COOKIE['PHPSESSID']['ip'] = $ip;

So I just save the IP to the client side $_COOKIE['PHPSESSID'], but what about the SESSION on the server side? How can I store the IP there?

Thanks a lot.

Saving IP to session would be as easy as:

session_start();  //near beginning of script
$_SESSION['ip'] = $ip;

Then on any additional pages after the IP value has been set:

session_start(); //near beginning of script
if(!empty($_SESSION['ip'])) {
    // do something with it
}

I can't think of any reason you would work with the $_COOKIE['PHPSESSID'] value directly.

I would say though that I don't quite understand why you would need to store this value to session as it would always be available via $_SERVER['REMOTE_ADDR'].

To answer the use case specified in your comment. Your code could be as simple as:

session_start(); //near beginning of script
if(!isset($_SESSION['ip'])) {
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
} else if ($_SERVER['REMOTE_ADDR'] !== $_SESSION['ip']) {
   // invalid session
   // exit program, redirect, or whatever you want to do here
   // just make sure you exit script execution
}
// continue with rest of code

Looks like you're trying to block MIM attack connections by requiring the IP address not to change? This might be problematic - because IPs don't always stay the same in the real world. However, you could do:

<?php

//start a session
session_start();

//check cookie and ip
// the client address is exposed in $_SERVER, not $_REQUEST
if((session_id() === $_COOKIE['PHPSESSID']) && (!isset($_SESSION['ip']) || (isset($_SESSION['ip']) && $_SERVER['REMOTE_ADDR'] === $_SESSION['ip']))){
    echo 'attempt ok';
} else { 
    die('IP changed');
}

//set ip in session
if(!isset($_SESSION['ip'])){
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
}

If you want to check if the last-login IP equals the currently used IP, you have to store your data in your database instead of using sessions. One of the general behaviours of sessions is that any session data is lost after the session reaches its end of life.
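
One of the answers above points out that IPs do not always stay the same, so an exact match on $_SERVER['REMOTE_ADDR'] can reject a legitimate user whose address changes within the same network. The following is an added example, not code from any of the answers: it stores the client's network prefix in $_SESSION at login and compares it on later requests. The function names and the /24 (IPv4) and /64 (IPv6) prefix lengths are assumptions.

```php
<?php
// Added example. network_prefix(), bind_session_to_client() and
// session_matches_client() are hypothetical helper names.

// Reduce an address to its network prefix so that a client moving within
// the same network keeps its session.
function network_prefix(string $ip, int $v4Bits = 24, int $v6Bits = 64): ?string
{
    $packed = @inet_pton($ip);
    if ($packed === false) {
        return null;                               // not a valid IP literal
    }
    $bits = strlen($packed) === 4 ? $v4Bits : $v6Bits;
    $out = '';
    foreach (str_split($packed) as $i => $byte) {
        $keep = max(0, min(8, $bits - 8 * $i));    // prefix bits kept in this byte
        $mask = (0xFF << (8 - $keep)) & 0xFF;
        $out .= chr(ord($byte) & $mask);
    }
    return inet_ntop($out) . '/' . $bits;
}

// Call once, after session_start(), when the password check has succeeded.
function bind_session_to_client(string $remoteAddr): void
{
    session_regenerate_id(true);   // fresh id at login guards against session fixation
    $_SESSION['net'] = network_prefix($remoteAddr);
}

// Call on every later request, after session_start().
function session_matches_client(string $remoteAddr): bool
{
    $current = network_prefix($remoteAddr);
    return $current !== null
        && isset($_SESSION['net'])
        && $_SESSION['net'] === $current;
}

// Constructed sample addresses (documentation ranges), run from the CLI.
if (PHP_SAPI === 'cli') {
    $_SESSION = ['net' => network_prefix('203.0.113.10')];
    var_dump(session_matches_client('203.0.113.77'));          // same /24
    var_dump(session_matches_client('198.51.100.5'));          // different network
    $_SESSION = ['net' => network_prefix('2001:db8:1:2::10')];
    var_dump(session_matches_client('2001:db8:1:2:aaaa::1'));  // same /64
    var_dump(session_matches_client('not-an-ip'));             // invalid input
}
```

When session_matches_client() returns false, destroy the session and send the user back to the login page rather than continuing the request.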
