如何保持用户登录,直到用户自己注销?
[英]how to keep the user logged until user log out himself?
问题描述
I have php login page that stores the user id in the session once the login is successful. 
一旦登录成功,我就有了php登录页面,该页面将用户ID存储在会话中。 User can navigate to different pages or can even close the page briefly and once user re-open the page, he is still logged in. However the problem is that when the user closes the page for longer time, the session get expired automatically and he has to re-enter the credentials and login again. 用户可以导航到其他页面,甚至可以短暂关闭页面,并且一旦用户重新打开页面,他仍然可以登录。但是问题是,当用户关闭页面较长时间时,会话会自动过期并且他必须重新输入凭据并再次登录。
How can I keep the user logged in forever and log out ONLY if user decides to do so? 我如何才能使用户永远登录并仅在用户决定退出时才注销? I would like the user to be able to close the page, turn off the pc for weeks and when he or she comes back to visit the page, he or she should be already logged in. 我希望用户能够关闭页面,关闭计算机数周,并且当他或她再次访问该页面时,他或她应该已经登录。
1 个解决方案
解决方案1
1 2017-01-12 01:32:27
Sound like you need to set the cookie expiration date - as per this wikipedia article on HTTP cookies, if you do not set an expiration date for a cookie it becomes a session cookie. 听起来好像您需要设置cookie失效日期-根据此Wikipedia上有关HTTP cookie的文章 ,如果您没有为cookie设置失效日期,它将成为会话cookie。 ie it expires once the browser closes. 即,一旦浏览器关闭,它就会过期。
There is no real way to specify that a cookie NEVER expires, however you can set the expiration date for some time far in the future.. ie in 10 years, and renew that expiration date every time the user loads a page. 没有真正的方法来指定cookie永不过期,但是您可以将过期日期设置为将来的某个时间(例如10年),并在用户每次加载页面时更新该过期日期。
setCookie( name, value, expiration )
Another alternative (which would also require some JS on your pages) would be to use the browser's internal database to store the user session id so that you can retrieve the session from your database (I assume you are using some sort of database, otherwise you will run into other issues as explained below). 另一种选择(在页面上还需要一些JS)是使用浏览器的内部数据库存储用户会话ID,以便您可以从数据库中检索会话(我假设您正在使用某种数据库,否则您会将会遇到其他问题,如下所述)。
If I wanted to achieve this I would probably have a piece of javascript on my page loads that checked for the existence of the session cookie, and if not, I would load the session id from the browser's database, drop the cookie, and force a page reload. 如果要实现此目的,我可能会在页面加载中包含一段javascript,以检查会话cookie是否存在,否则,我将从浏览器的数据库中加载会话id,删除cookie并强制执行页面重新加载。 There are certainly more elegant ways of achieving this, but this should give you an example of how to get this started. 当然,有一些更优雅的方法可以实现这一目标,但是这应该为您提供一个如何开始这一过程的示例。
Lastly, please keep in mind that if you don't use a database (ie Redis, Memcached, SQL), all you session information is lost when you restart your application server. 最后,请记住,如果不使用数据库(即Redis,Memcached,SQL),则在重新启动应用程序服务器时,所有会话信息都会丢失。 This is certainly suboptimal, and you should store session information in a database if you want to have this information survive server restarts (or if you have a load balanced environment). 当然,这不是最佳选择,如果希望在服务器重新启动后(或者您具有负载平衡的环境中)保留这些信息,则应将会话信息存储在数据库中。
Hope this helps! 希望这可以帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.