Is it a good idea to use a combination of cookies and sessions for keeping users logged in
I am looking at the possibility to set up an option to keep users logged in. Now I understand a session could be used to allow a user to navigate around without re-entering login information on each page only until the browser is closed and the session is lost. A cookie would be stored client side and has a duration until it expires or the user deletes the cookie.
I was thinking that I could use a combination of both.
User logs in, which creates a row in the db table connecting the user to the cookie_token which is stored on the client browser (system) as well.
So every time the user visits the site, the system looks up that token and checks is_active fields. If the user_token is found and is_active = 1 or true, the user data is retrieved (id, name, etc.) and this then creates the session and the session variables.
I am not able to find any questions or answers that use a combination of both, so it could be that this is just overkill or a very bad idea. I just started to read up on sessions and cookies and have been trying to figure out a system that I could implement myself, so it would be nice to know if this is good or bad.
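The flow described in the question (a `cookie_token` row with an `is_active` flag, looked up on each visit to rebuild the session), as an added example that is not part of the original post. It goes beyond the question by assuming the token is stored only as a hash, expires, and is rotated on each use; the table name `login_tokens`, the function names and the 30-day lifetime are hypothetical.

```python
import hashlib, secrets, sqlite3, time
from http.cookies import SimpleCookie

TOKEN_TTL = 30 * 24 * 3600  # assumed lifetime (30 days); not from the post

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE login_tokens (token_hash TEXT PRIMARY KEY,"
               " user_id INTEGER, is_active INTEGER, expires_at REAL)")
    db.execute("INSERT INTO users VALUES (1, 'alice')")  # constructed sample user
    return db

def _hash(token):
    # Only a hash is stored, so a leaked table does not yield usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(db, user_id, now=None):
    """After a successful manual login: store the row, return the cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO login_tokens VALUES (?, ?, 1, ?)",
               (_hash(token), user_id, now + TOKEN_TTL))
    return token

def revoke(db, token):
    """Logout or suspected theft: is_active = 0 makes the cookie useless."""
    db.execute("UPDATE login_tokens SET is_active = 0 WHERE token_hash = ?",
               (_hash(token),))

def resume_session(db, cookie_token, now=None):
    """On a visit without a session: (session_vars, new_cookie) or (None, None)."""
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT u.id, u.name FROM login_tokens t JOIN users u ON u.id = t.user_id"
        " WHERE t.token_hash = ? AND t.is_active = 1 AND t.expires_at > ?",
        (_hash(cookie_token or ""), now)).fetchone()
    if row is None:
        return None, None
    revoke(db, cookie_token)  # single use: a replayed old cookie is rejected
    return {"user_id": row[0], "name": row[1]}, issue_token(db, row[0], now)

def cookie_header(token):
    """Set-Cookie value: unreadable by scripts, HTTPS only, bounded lifetime."""
    c = SimpleCookie()
    c["cookie_token"] = token
    c["cookie_token"].update({"max-age": TOKEN_TTL, "path": "/", "secure": True,
                              "httponly": True, "samesite": "Lax"})
    return c["cookie_token"].OutputString()
```

The session created from the returned variables stays short-lived; the long-lived cookie only serves to re-create it.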
I can't reply as a comment anymore, because my reply would be too long... I've implemented something like the following. Unfortunately I can't remember it precisely, but it would give you a pretty good idea:
Visit before manual login:
Next time the browser visits the page: