
How pages are blocked against unauthorized users in web login system?

In a login/register system, users who do not know their passwords should have no ability to open some pages or to watch other users' profile pages. They are allowed to enter only several certain pages. How are pages blocked against unauthorized users in a web login system?

Edit: I do not mean a way to decide if the user would be redirected to any page, but how some certain pages are blocked. Imagine that somebody enters the site directly, not via the login page.

In very simplistic terms, while leaving out a lot:

Your server must give each user a cookie containing a random unique number by which they can be identified.

Then when a user has successfully logged in, this number will be stored in the database record that belongs to that user.

So every time a restricted page is accessed, the number inside the cookie is offered up by the client and compared, by the server, against the number in the database. If it matches, the page can be accessed as that user.
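The check described in the answer above, as an added example that is not part of the original post: every request for a non-public page looks up the cookie's number server-side before anything is rendered. It goes slightly beyond the answer by issuing a fresh number at login and storing only its hash; the `USERS` dict, `PUBLIC_PAGES`, and all function names are hypothetical stand-ins for a real database and web framework.

```python
import hashlib
import hmac
import secrets

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed stand-in for the users table; all names here are hypothetical.
_SALT = secrets.token_bytes(16)
USERS = {"alice": {"salt": _SALT, "pw": _pw_hash("correct horse", _SALT), "session": None}}
PUBLIC_PAGES = {"/login", "/register"}

def _digest(token):
    # Keep only a hash server-side so a leaked table yields no usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def login(username, password):
    """Return a fresh session token (the cookie value), or None on failure."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["pw"], _pw_hash(password, user["salt"])):
        return None
    token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
    user["session"] = _digest(token)   # bind the number to this user's record
    return token

def user_for_cookie(token):
    """Map a cookie value back to a username, or None if no record matches."""
    if not token:
        return None
    offered = _digest(token)
    for name, user in USERS.items():
        if user["session"] and hmac.compare_digest(user["session"], offered):
            return name
    return None

def handle(path, cookies):
    """Runs on every request, so requesting a URL directly bypasses nothing."""
    if path in PUBLIC_PAGES:
        return 200, "public page"
    user = user_for_cookie(cookies.get("session"))
    if user is None:
        return 302, "/login"  # no valid session: redirect instead of rendering
    return 200, f"{path} rendered for {user}"

def logout(username):
    USERS[username]["session"] = None  # the old cookie stops matching
```

In a real deployment the cookie would also be sent with the `Secure`, `HttpOnly` and `SameSite` attributes, and a per-page rule would decide which logged-in user may view which profile.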
