How do PHP sessions work when cookies are disabled?

I've tried to research this mechanism but only find hints, and these are not very consistent. How is the session_id sent to the browser, and how is the browser instructed to return it when the user requests a new page?

Thanks, Chris

PHP will do 2 things:

  • It will rewrite all links to pass an extra GET parameter, usually PHPSESSID, but this can be changed by setting session.name in php.ini.
  • It will add a hidden input with the same name after all <form> opening tags.

Note that this is a dangerous thing to do, because anyone you e.g. copy/paste a URL to containing a PHPSESSID parameter will be able to share your login session on the site - the webserver has no easy way of telling that you are different from the person you sent the link to...

Sessions work by creating a unique id (UID) for each visitor and storing variables based on this UID. The UID is either (1) stored in a cookie or (2) propagated in the URL.

PHP's own session module supports fetching the session id from GET and POST data (besides cookies). You can use http://uk.php.net/manual/en/session.configuration.php#ini.session.use-trans-sid and http://uk.php.net/manual/en/session.configuration.php#ini.url-rewriter.tags to let PHP handle the forwarding of the id. But in any case keep in mind that, especially if you're using GET to transport the id, it's more likely that some of your users will give away their (valid) session id by accident.

The underlying mechanism doesn't care how the session id was transported from the client to the server. As long as you pass the "right" value to session_id() it will work - even if you do something as weird (stupid?) as abusing the ETag header as a vehicle for the session id ;-)
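As an added example (not from the question or any of the answers above): a small PHP script that switches between the transparent-sid propagation the first answer describes and the cookie-only, strict-mode configuration, and reports which transport carried the id on each request. The file name, the `mode` parameter and the `hits` counter are my own choices.

```php
<?php
// Added example, not from the original question or answers. Switches between the
// transparent session-id propagation the first answer describes ("trans-sid",
// applied only when the client sends no session cookie) and a cookie-only,
// strict-mode configuration. Run: php -S 127.0.0.1:8080 trans_sid_demo.php
// then open http://127.0.0.1:8080/?mode=transsid with cookies disabled in the
// browser, and compare with ?mode=cookie. File name and ?mode= are my choices.
declare(strict_types=1);

$mode = $_GET['mode'] ?? 'cookie';

if ($mode === 'transsid') {
    // Weak settings: when no session cookie arrives, PHP appends PHPSESSID=...
    // to relative links and injects a hidden <input> after each <form> tag.
    ini_set('session.use_only_cookies', '0');
    ini_set('session.use_trans_sid', '1');
    ini_set('session.use_strict_mode', '0');
} else {
    // Hardened settings: the id is read from the cookie only, and an id the
    // server never issued is rejected instead of being adopted as a session.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_strict_mode', '1');
}

session_start();
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;

$name       = session_name();   // "PHPSESSID" unless session.name was changed
$fromCookie = isset($_COOKIE[$name]);
$fromUrl    = isset($_GET[$name]) || isset($_POST[$name]);

// Defensive step (my addition): an id that travelled in the URL may already sit
// in browser history or referer logs, so retire it and issue a fresh one.
if ($fromUrl && !$fromCookie) {
    session_regenerate_id(true);
}

header('Content-Type: text/html; charset=utf-8');
printf('<p>hits in this session: %d</p>', $_SESSION['hits']);
printf('<p>id arrived via cookie: %s, via URL/POST: %s</p>',
       $fromCookie ? 'yes' : 'no', $fromUrl ? 'yes' : 'no');
// In transsid mode with no cookie received, view the page source: the href
// below gains &PHPSESSID=... and the form gains a hidden input of that name.
$safeMode = htmlspecialchars($mode, ENT_QUOTES, 'UTF-8');
echo '<p><a href="?mode=' . $safeMode . '">follow link</a></p>';
echo '<form method="post" action="?mode=' . $safeMode . '">'
   . '<button type="submit">submit form</button></form>';
```

With cookies enabled the transsid page stops rewriting after the first response, because PHP only applies the rewriter when no session cookie was received.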
