检查用户是否登录
[英]Check if user Logged in
问题描述
hey There I completely new to this kind of work! 
嘿,我对这种工作完全陌生! Actually I want to check if user is successfully logged in! 实际上,我想检查用户是否成功登录!
suppose that i have a menu item: 假设我有一个菜单项:
<li><a href="#" title="Know about Java" onclick="CheckSignIn()">Java</a></li>
when user clicks on it: 用户单击时:
function CheckSignIn() {
//here i want to check login
if (!login) {
alert('please login');
} else {
window.open('new page url here');
}
}
I know how can i do it with php ie 我知道我该如何用PHP
<?php
session_start();
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
echo (welcome user);//sort of
} else {
echo "please login!";
}
?>
In simple I want to check if user logs in using javascript and i know i cant use php inside java script can somebody help me please! 简单地说,我想检查用户是否使用javascript登录,我知道我无法在java脚本中使用php有人可以帮助我! Its not an assignment but i am learning it to my own 它不是一项任务,但我正在自己学习
3 个解决方案
解决方案1
0 2014-06-08 17:30:49
You cannot check session variable using JavaScript since a session variable is stored on server. 由于会话变量存储在服务器上,因此无法使用JavaScript检查会话变量。 To do this you'll have to call your server side code asynchronously using js. 为此,您必须使用js异步调用服务器端代码。 jQuery ajax can help you make the async call. jQuery ajax可以帮助您进行异步调用。
解决方案2
0 2014-06-08 17:39:15
Very similar to access-php-variable-in-javascript 与access-php-variable-in-javascript非常相似
Even $_SESSION is a PHP variable so I am sure you should be able to get it in javascript variable. 甚至$ _SESSION也是一个PHP变量,因此我相信您应该可以在javascript变量中获取它。
解决方案3
0
One way is to send a xhr to the server which returns true or false if a user is signed in (aka a session value is set eventually making a database call), parse the response and return true or false. 一种方法是将xhr发送到服务器(如果用户已登录,则返回true或false)(又设置了会话值,最终将进行数据库调用),解析响应并返回true或false。
Another way is to send an encrypted token (jwt is what I use currently) upon login that is stored in the browser's sessionStorage 另一种方法是在登录时发送存储在浏览器的sessionStorage中的加密令牌(jwt是我当前使用的令牌)
So either you have everything on the server side or you have the clientside UI which makes requests to the server side api. 因此,您可以将所有内容都放在服务器端,也可以使用客户端UI向服务器端api发出请求。
Both have advantages and disadvantages. 两者都有优点和缺点。
If you have a client side UI that makes requests to an api, like in your example I suggest you send a JWT upon login, store it in the browser's sessionStorage. 如果您有一个向api发出请求的客户端UI,例如在您的示例中,我建议您在登录时发送JWT,则将其存储在浏览器的sessionStorage中。 Now you'd like to check on the client side if a user is logged in for display purposes. 现在,您要在客户端检查是否已登录用户以进行显示。 So check if a token in the sessionStorage exists, that means a user is logged in. Now when making a request to the server you send that token in a header field. 因此,请检查sessionStorage中是否存在令牌,这意味着用户已登录。现在,当向服务器发出请求时,可以在标头字段中发送该令牌。 The server checks the token for validity and if valid performs the operation. 服务器检查令牌的有效性,如果有效则执行该操作。 If not status 403. 如果不是,则状态为403。
This has downsides, the user needs to log in for every browser window it opens. 这有缺点,用户需要为打开的每个浏览器窗口登录。 Storing it in localStorage adds new security considerations, which are out of scope of the question (CSP, X-Frame-Options, and so on). 将其存储在localStorage中会增加新的安全注意事项,而这超出了问题的范围(CSP,X-Frame-Options等)。 JWT by default uses RSA and SHA256 (RS256). 默认情况下,JWT使用RSA和SHA256(RS256)。
The flow is: 流程为:
- User fills out login form and hits submit 用户填写登录表单并点击提交
- Server receives the login information and if valid sends a token 服务器收到登录信息,如果有效则发送令牌
- If reponse status != 403|401 store the token in sessionStorage 如果响应状态!= 403 | 401将令牌存储在sessionStorage中
- When making a request to a protected resource the client sends the token in a header field. 当向受保护资源发出请求时,客户端在标头字段中发送令牌。
- Server checks token for validity 服务器检查令牌的有效性
- If valid send protected resource (or content that was requested) 如果有效,则发送受保护的资源(或所请求的内容)
- Client renders received content 客户呈现收到的内容
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.