堆栈内存溢出
  简体   繁体   English

有关PHP中会话的快速问题

[英]Quick question about sessions in PHP

 原文  2009-08-19 16:07:02       php/ session/ persistence

问题描述

Sessions are started via session_start() , I realize that much, but to make sessions persistent, they need an ID. 会话是通过session_start()启动的,我知道很多,但是要使会话持久化,它们需要一个ID。

Now, the php.ini file has a setting: 现在,php.ini文件具有一个设置: 

session.use_cookies = 1

So I don't have to pass the ID around. 因此,我不必传递ID。 But there's another setting: 但是还有另一种设置: 

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

Am I to understand that if I implement this and go to my website, login, do what I wanna do, shut the browser down and start it again some time later, that I won't be logged in anymore when I go back to my site? 我是否理解,如果我实施此操作并转到我的网站,登录,执行我想做的事,关闭浏览器,然后过一会儿再启动它,那么当我返回自己的网站时,将不再登录现场?

EDIT: So to stay logged in, I will have to combine this with client-side cookies. 编辑:所以要保持登录状态,我将不得不将此与客户端cookie结合起来。

I'm guessing I'll need 2 database fields. 我猜我将需要2个数据库字段。 1 for the sessions ID, 1 for the ID I give to the cookie. 会话ID为1,我给cookie的ID为1。

4 个解决方案

解决方案1
 2  2009-08-19 16:09:06

I think you understand it correctly, the PHP manual says: 我认为您理解正确,PHP手册说:

session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. session.cookie_lifetime指定发送到浏览器的cookie的生存时间(以秒为单位)。 The value 0 means "until the browser is closed." 值0表示“直到浏览器关闭”。 Defaults to 0. 预设为0。

http://php.net/session.configuration#ini.session.cookie-lifetime http://php.net/session.configuration#ini.session.cookie-lifetime

解决方案2
 2 已采纳  

Nope, you won't be logged in anymore. 不,您将无法再登录。

See my answer here: How do I Keep a user logged in for 2 weeks? 在这里查看我的答案: 如何使用户保持登录状态2周? (See http://www.drupal.org/node/31506 for more information about sheduled tasks, if you want people to be signed out after an amount of time). (如果要让人们在一段时间后退出,请参阅http://www.drupal.org/node/31506 ,了解有关任务计划的更多信息)。 It might help you. 它可能会帮助您。

Check the user agent string (just for security. If an hacker found out a key in some way... he can send a fake cookie and be logged in automatically. For people who switch a browser one time, they can just sign in again once after copying cookies. However, this would be a disaster for people who change or update browser nonstop). 检查用户代理字符串(仅出于安全性考虑。如果黑客以某种方式发现了密钥...他可以发送伪造的cookie并自动登录。对于一次切换浏览器的人,他们可以再次登录复制Cookie后一次。但是,这对于不停更改或更新浏览器的人来说是一场灾难。

解决方案3
 0  2009-08-19 16:08:39

I would say yes. 我会说是的。 Do you see otherwise? 你看到其他吗?

解决方案4
 0  2009-08-19 16:09:43

是的,这就是会话cookie的目的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 关于排序行结果的快速php问题 - Quick php question about ordering row results 有关日期格式php / javascript的快速问题 - Quick question about date formatting php/javascript 有关用户系统的问题,特别是与PHP的会话 - Question about user system, specifically sessions with PHP 快速 PHP 问题关于 JSON 编码 doctrine 在 Z878D66F98B73E26AD2B50C1392EZEE1 - Quick PHP question about JSON encode doctrine in Symfony 有关网址验证的快速问题 - a quick question about url validation 快速PHP问题 - Quick PHP question 快速OOP问题 - PHP - Quick OOP Question - PHP 关于会话的另一个安全问题 - Another security question about Sessions PHP会话和Cookie问题 - PHP sessions and cookies question 关于PHP会话 - About PHP Sessions
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM