
PHP sessions - a few questions

I am using PHP sessions to store tracking data across my pages for my site. The session is started with session_start();

By the way - this is not a login script. I am tracking the first page the user entered on, the date/time and a few other variables.

I store the information in a database, and finally redirect the user to a page using:

header("Location: ".$URLHERE);
exit(); 

A few questions about using sessions:

  1. As I am not explicitly closing the session after the redirect, does PHP delete session variables from disk - or do I have to handle this myself?

(I am concerned about datafiles building up on my Apache server)

  2. Are there any security issues with PHP sessions? This isn't a login, but my scripts do rely on session variables to track information about that unique visit.

Thanks :)

First, please perform these

Note: before you start your session it is always best to set your session save path to a folder. Also give read/write permission to this folder. E.g.

session_save_path('/path/to/session/folder'); // placeholder: a folder outside the web root that the web server user can read and write
session_start();

  1. session_start should be called before any session variable is set or retrieved. Best practice is to start the session at the beginning point of your page, i.e. immediately once you open your php tag (

  2. very important point --> cookies must be enabled in your browser

  3. make sure _globals is off; you can check this in the php.ini file and also using phpinfo().

  4. after every header redirect, please use exit so that the script doesn't continue further, and before the redirect please don't delete or empty your session. Also redirect to the same domain.

  5. $_SESSION[key] --> make sure that this key is not overridden anywhere.

  6. the file extension always has to be .php

I hope it works out for you using the above steps.
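The tracking flow the question describes (start the session, record the entry page and time, store it, redirect) arranged according to the steps in the answer above, as an added example that is neither the asker's script nor the answerer's code. The session save path, the site host name, the `next` query parameter used as the redirect target, and the `record_visit()` helper are assumptions made for the example; it needs PHP 8 for `str_starts_with()`.

```php
<?php
// Added example: a visit-tracking script of the kind described in the question,
// arranged according to the steps in the first answer. Paths, host name and the
// record_visit() helper are assumptions, not code from the page.

declare(strict_types=1);

// Assumed configuration for the example.
const SITE_HOST        = 'www.example.com';              // the only host we redirect to
const SESSION_SAVE_DIR = '/var/lib/php/tracking_sessions'; // writable by the web server user

// Step 1: choose the session folder and start the session before anything is
// written to $_SESSION or sent to the client.
session_save_path(SESSION_SAVE_DIR);
session_start();

// Record the first page only once per session, so a later request on the same
// visit does not overwrite it (step 5: the key must not be overridden elsewhere).
if (!isset($_SESSION['entry_page'])) {
    $_SESSION['entry_page'] = $_SERVER['REQUEST_URI'] ?? '/';
    $_SESSION['entry_time'] = gmdate('Y-m-d H:i:s');
    $_SESSION['referer']    = $_SERVER['HTTP_REFERER'] ?? '';
}

// Hypothetical stand-in for "I store the information in a database": it only
// returns the row that would be written (a real one would use prepared statements).
function record_visit(array $session): array
{
    return [
        'entry_page' => (string) ($session['entry_page'] ?? ''),
        'entry_time' => (string) ($session['entry_time'] ?? ''),
        'referer'    => (string) ($session['referer'] ?? ''),
    ];
}

// Step 4 ("redirect to the same domain"): accept a relative path or an http(s)
// URL on our own host; anything else falls back to the site root so the script
// cannot be used to bounce visitors to another site.
function same_host_redirect_target(string $target, string $siteHost): string
{
    $parts = parse_url($target);
    if ($parts === false || $target === '' || str_starts_with($target, '//')) {
        return '/';
    }
    if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return '/';
    }
    if (isset($parts['host']) && strcasecmp($parts['host'], $siteHost) !== 0) {
        return '/';
    }
    return $target;
}

$row = record_visit($_SESSION);

$URLHERE = same_host_redirect_target((string) ($_GET['next'] ?? '/'), SITE_HOST);

// Step 4 again: the session is left intact (not destroyed or emptied) before the
// redirect, and the script exits right after the header so nothing else runs.
header('Location: ' . $URLHERE);
exit();
```

The host comparison is made against a configured constant rather than `$_SERVER['HTTP_HOST']`, because the Host header is supplied by the client and is not a trustworthy definition of "the same domain".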

  1. No, the session garbage collection is managed by the system, based on the session.gc_maxlifetime property of php.ini. As your PHP script is run on a per-request basis, calling session_destroy() would involve the loss of the data you got about the user at the end of each request.

  2. No security problem with php sessions; the only risk is the cookie being stolen by an attacker, but you can avoid that by requiring https.

Note that you can also do this without the session, by using the cookie API.
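The two points in the answer above, the server-side lifetime that drives garbage collection and the cookie-theft risk that HTTPS addresses, expressed as session configuration done from code, as an added example that is not the answerer's code. The lifetime value is the php.ini default mentioned on the page; the function name and the `id_rotated` flag are assumptions for the example. The array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example: configuring a tracking session so that the session cookie is only
// sent over HTTPS, is not readable from script, and is not attached to cross-site
// requests, and setting the garbage-collection lifetime from code. The function
// name and the id_rotated flag are assumptions, not code from the page.

declare(strict_types=1);

function configure_tracking_session(int $lifetimeSeconds = 1440, bool $httpsOnly = true): void
{
    // Server side: session files idle longer than this become eligible for garbage
    // collection. Same setting as session.gc_maxlifetime in php.ini.
    ini_set('session.gc_maxlifetime', (string) $lifetimeSeconds);

    // Accept the session id from the cookie only, never from the URL, so an id
    // cannot be planted in a link or leak through a Referer header.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    // Reject ids the server did not generate itself (an uninitialised id sent by
    // the client is replaced instead of being adopted).
    ini_set('session.use_strict_mode', '1');

    // Cookie attributes: HTTPS only, hidden from JavaScript, same-site by default.
    session_set_cookie_params([
        'lifetime' => 0,        // browser-session cookie; expiry is governed server side
        'path'     => '/',
        'domain'   => '',       // current host only
        'secure'   => $httpsOnly,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    session_start();

    // Issue a fresh id once per visit so that the id carrying the tracking data is
    // never one that existed (and could have been observed) before the visit began.
    if (empty($_SESSION['id_rotated'])) {
        session_regenerate_id(true);
        $_SESSION['id_rotated'] = true;
    }
}

// Usage: call this in place of a bare session_start(), before any output.
configure_tracking_session();
```

With `secure` set the browser will not send the cookie over plain HTTP at all, so a site that still serves some pages over HTTP would see a new, empty session on those pages; that is the intended trade-off behind "requiring https". The `cookie API` alternative the answer mentions would carry the same `secure` and `httponly` flags in `setcookie()`.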

Here are your answers

1. As I am not explicitly closing the session after the redirect, does PHP delete session variables from disk - or do I have to handle this myself?

When a session is created, a file is created automatically on the server, and if the user is no longer active on the website it is deleted automatically after the default session active time of 1440 seconds (24 minutes). The session timeout can be set from php.ini by editing session.gc_maxlifetime = 1440

2. Are there any security issues with PHP sessions? This isn't a login, but my scripts do rely on session variables to track information about that unique visit.

No, there are no issues with PHP sessions; you just need to take care of XSS
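What "take care of XSS" means for this particular script: the values the asker tracks (entry page, referer) come from request headers the visitor controls, so they are untrusted even after they have been stored in the session, and must be escaped when rendered as HTML. The following is an added example, not the answerer's code; the sample session contents and the `e()` and `render_visit_report()` names are constructed for it.

```php
<?php
// Added example: rendering session-tracked values safely. The session data and the
// helper names are constructed for the example, not taken from the page.

declare(strict_types=1);

// Escape a value for insertion into HTML text or a double-quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// The mistake to avoid: echoing session values straight into the page. Whatever a
// visitor put in the Referer header (or the request URI) would be interpreted as HTML.
function render_visit_report_unsafe(array $session): string
{
    return '<p>Came from: ' . ($session['referer'] ?? '') . '</p>';
}

// The same report with every untrusted value escaped at the point of output.
function render_visit_report(array $session): string
{
    $rows = '';
    foreach (['entry_page', 'entry_time', 'referer'] as $key) {
        $rows .= '<tr><td>' . e($key) . '</td><td>' . e((string) ($session[$key] ?? '')) . '</td></tr>';
    }
    return '<table>' . $rows . '</table>';
}

// Constructed sample: a Referer header carrying markup, as a hostile visitor could send.
$sampleSession = [
    'entry_page' => '/landing?x=1',
    'entry_time' => '2024-01-01 12:00:00',
    'referer'    => 'http://example.org/?q=<script>alert(1)</script>',
];

// In the escaped version the angle brackets and quotes become entities, so the
// browser shows the text instead of running it.
echo render_visit_report($sampleSession), PHP_EOL;
```

Escaping at output time rather than when the value is stored keeps the stored data faithful to what was actually seen, and applies equally when the same data is later displayed from the database rather than from the session.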
