结合HTTP身份验证和PHP会话?
[英]Combining HTTP Authentication and PHP Sessions?
问题描述
I am creating an admin area for a website, and I am using HTTP Authentication to lock down the directory. 
我正在为网站创建一个管理区域,我正在使用HTTP身份验证来锁定目录。 I was wondering if I could just put a PHP script in that directory that, once accessed, stores the fact that the user is logged in in a session variable so they can now access other admin pages. 我想知道我是否可以在该目录中放置一个PHP脚本,一旦访问,就会存储用户登录会话变量的事实,以便他们现在可以访问其他管理页面。 Something along these lines: 这些方面的东西:
session_start();
$_SESSION['admin_enabled'] = true;
header("location: some/admin/script.php");
Then, on any admin page I just check for that session variable, and I'd have a simple sign out script destroying that variable. 然后,在任何管理页面上我只检查该会话变量,并且我有一个简单的注销脚本销毁该变量。
Basically the only way to access the script to set the session variable will be through HTTP Authentication. 基本上,访问脚本以设置会话变量的唯一方法是通过HTTP身份验证。 Will this work for verifying users have administrative credentials in files/functions outside the HTTP Authenticated directory? 这对验证用户是否在HTTP Authenticated目录之外的文件/函数中具有管理凭据?
1 个解决方案
解决方案1
4 已采纳 2015-09-04 19:15:56
As long as those other pages are also on the same domain, then session_start() will reopen the previous session. 只要那些其他页面也在同一个域上,session_start()将重新打开上一个会话。 As long as you reopen the same session, the same session variables will still be present, so you should be good to go. 只要你重新打开同一个会话,相同的会话变量仍然存在,所以你应该好好去。
I've used this method in addition to http authentication to authorize admin users in the past. 除了http身份验证之外,我还使用过这种方法来过去授权管理员用户。 It works well, and it is simple. 它运作良好,而且很简单。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.