[英]Storing Session Data Securely With Codeigniter?
For all of my projects I use codeigniter as my framework. 对于我所有的项目,我都使用codeigniter作为框架。 I always use sessions in order to get store things like user_string and user_permissions to determine who can access certain functions and pages within the site.
我总是使用会话来获取诸如user_string和user_permissions之类的东西,以确定谁可以访问站点中的某些功能和页面。
Is it bad practise to use the session->userdata
as a basis to provide a user unique content? 使用
session->userdata
作为提供用户唯一内容的基础是不好的做法吗?
I usually set a user an array of userdata when they login, like so: 我通常会在用户登录时为用户设置用户数据数组,如下所示:
$data = array('id' => $user_string,
'g' => $user_group);
$this->session->set_userdata($data);
When I'm determining what results they get for a query I might do the following: 当我确定要查询的结果时,我可以执行以下操作:
function get_posts(){
if( $this->session->userdata('g') == 2 ){
$data = $this->db->get_where('posts', array('' => $this->session->userdata('id') ) )->result_array();
return $data;
}
}
Is this code vulnerable because of the session->userdata('id')
and session->userdata('g')
? 由于
session->userdata('id')
和session->userdata('g')
此代码是否容易受到攻击?
Any comment is greatly appreciated. 任何意见,不胜感激。
just do one think:- 只是想一想:-
save your key to your application/config/config.php, open the file and set 将密钥保存到application / config / config.php,打开文件并设置
$config['encryption_key'] = "YOUR KEY";
$this->load->library('encrypt');
data = array('id' => $this->encrypt->encode($user_string),
'g' => $this->encrypt->encode($user_group),
); );
$this->session->set_userdata($data);
when get data:- 当获取数据时:
function get_posts(){
if( $this->session->userdata('g') == 2 ){
$id =$this->encrypt->decode($this->session->userdata('id') );
$data = $this->db->get_where('posts', array('' => $id ) )->result_array();
return $data;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.