PHP-如何将当前会话ID告知下一个服务器请求?
[英]PHP - How to tell current session id to the next server request?
问题描述
I'm having a big trouble here: In my company we have a huge system and too many people access it every day. 
我在这里遇到了很大的麻烦:在我的公司中,我们有一个庞大的系统,每天都有太多人访问它。 We are having the following problem: 我们遇到以下问题:
- User access his account on the pc A. 用户在个人计算机A上访问他的帐户。
- He goes to write his text 他去写他的文字
- He write all his text but doesn't save it. 他写下了所有文字,但没有保存。 Then open a new tab. 然后打开一个新标签。
- In the new tab, he access the account of his customer. 在新标签中,他访问其客户的帐户。
- Using the account of his customer, he goes to write the customer's text. 他使用客户的帐户来编写客户的文本。
- After type the customer's text, he goes to the previous tab to save his own text and after save the customer text. 键入客户的文本后,他将转到上一个选项卡以保存自己的文本,并在保存客户文本之后。
- The two texts appears on the customer's page. 这两个文本出现在客户页面上。
I was thinking in a way of the current screen store somewhere the actual session id, and then when the user click in a link, or post a form, the current page send the session id loaded when it was rendered to the requested page. 我在想一种方式,将当前屏幕存储在实际会话ID的某个位置,然后当用户单击链接或发布表单时,当前页面发送在呈现给请求页面时加载的会话ID。
Can you help me please? 你能帮我吗?
Thanks! 谢谢!
3 个解决方案
解决方案1
0 2015-01-29 13:22:45
Its a little difficult to follow the use case specified, but it sounds like you need to check access rights to save 'text' to a particular account. 遵循指定的用例有点困难,但是听起来您需要检查访问权限才能将“文本”保存到特定帐户。
at the moment it appears that your authenticated customer account is saving to an account that isnt theirs? 目前看来,您已通过身份验证的客户帐户正在保存到不是他们的帐户?
for eg, in the new text method, before anything happens: 例如,在新文本方法中,什么都不会发生:
if($currentUserID != $accountOwnerID)
{
// throw a 403 exception here
}
this way if they happen to change identity during a session, their access rights will always be checked before anything else can happen. 这样,如果他们在会话期间碰巧更改了身份,则将始终先检查其访问权限,然后再进行其他操作。
解决方案2
0 2015-01-29 13:33:24
The best solution is to use named sessions. 最好的解决方案是使用命名会话。 See: session_name() 请参阅: session_name()
By using it, you can have different (and isolated) sessions which will not conflict to each other, even if in the same computer, same browser. 通过使用它,您可以拥有不同(且隔离)的会话,即使在同一台计算机和同一浏览器中,它们也不会相互冲突。
For your particular case, I would create a session named after the user logon, which is unique. 对于您的特定情况,我将创建一个以用户登录名命名的会话,这是唯一的。 That way, if user A logs in, he will have his own session. 这样,如果用户A登录,他将拥有自己的会话。 If a new tab is opened, and he logs as user B, a different session will be created, and both tabs will work simultaneously and correctly, each on it's own session space. 如果打开一个新的选项卡,并且他以用户B的身份登录,则将创建一个不同的会话,并且两个选项卡将同时且正确地工作,每个选项卡都位于其自己的会话空间上。
Just add session_name($UserLogon); 只需添加session_name($UserLogon); before session_start() , should work good. 在session_start()之前,应该工作良好。
解决方案3
0 2015-01-29 14:12:10
You can use session keys to check. 您可以使用会话密钥进行检查。
For that first you need to create a random session key and store it in a session variable. 为此,您首先需要创建一个随机会话密钥并将其存储在会话变量中。 Also provide this value as a hidden element in your form. 还要将此值作为表单中的隐藏元素提供。 During the insertion you can check whether the value in hidden element is same as the session key, then insert. 在插入期间,您可以检查hidden元素中的值是否与会话密钥相同,然后插入。 Else through error message. 否则通过错误消息。 After successful insertion reset the session key again. 成功插入后,再次重置会话密钥。 It will overcome your problem. 它将克服您的问题。
Hope it helps. 希望能帮助到你。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.