带有PHP会话,MySQL和/或Redis的Node.js?
[英]Node.js with PHP sessions, MySQL and/or Redis?
问题描述
I'm looking to add on info to this post 
我希望在此信息中添加信息
Node.js (mysql+socket.io) Authentication PHP via Cookie? 通过Cookie的Node.js(mysql + socket.io)身份验证PHP?
If possible please explain this part and if scenario is correct based on assumptions in above question: 如果可能,请解释此部分,并且根据上述问题的假设,假设情况是正确的:
Lets say I have user login via ajax, upon success, I return the session ID to the client side with ajax response, and send it to a websocket request. 可以说我通过ajax登录了用户,成功后,我将会话ID和ajax响应返回给客户端,并将其发送到websocket请求。 There on node.js, I keep an array of the successful login session ID's, and can get the member_id using the session ID. 在node.js上,我保留了成功登录会话ID的数组,并且可以使用会话ID获得member_id。 This way I don't have to make the session ID accessible via javascript (leaving cookie http only). 这样,我不必使会话ID可通过javascript访问(仅保留cookie http)。 Lastly, when I visit another page, I have to use ajax to resend the session ID to websockets to reinitiate the websocket chat. 最后,当我访问另一个页面时,我必须使用ajax将会话ID重新发送到websocket,以重新启动websocket聊天。
Is my understanding correct? 我的理解正确吗? The safety is my concern, I don't know what monstrous issues could occur if I have an ajax response with the session_id. 安全是我关心的问题,我不知道如果对session_id进行ajax响应会发生什么可怕的问题。 Or is there a way to bypass this sending? 还是有办法绕过这种发送? I've read about something called Redis, would this be running while I apache, node.js and mysql running? 我已经读过一篇关于Redis的文章,在我运行apache,node.js和mysql的同时会运行吗? So I have 2 databases running at same time instead of just one? 因此,我有2个数据库同时运行,而不是一个数据库?
Edit: Already see someone trying to close the question. 编辑:已经看到有人试图关闭该问题。 Let me rephrase it then, returning the session ID via an ajax response poses a threat or not..? 我再改一下,通过ajax响应返回会话ID是否构成威胁。
1 个解决方案
解决方案1
0 已采纳 2014-06-04 03:15:34
I think you're making this more complicated than it needs to be. 我认为您正在使此过程变得比所需的复杂。 All you need is regular sessions (using httpOnly cookies). 您只需要进行常规会话(使用httpOnly cookie)即可。 Websocket requests already send cookies with the initial HTTP Upgrade request. Websocket请求已发送带有初始HTTP升级请求的cookie。
For sharing sessions between node and PHP via redis see this answer . 有关通过redis在node和PHP之间共享会话的信息,请参见此答案 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.