使用或不使用session_set_save_handler?
[英]To use, or not to use, session_set_save_handler?
问题描述
I'm playing around with creating a user login system in php. 
我正在玩PHP创建用户登录系统。
I have been studying this article ( http://www.evolt.org/node/60384 ) as a way of approaching this. 我一直在研究这篇文章( http://www.evolt.org/node/60384 ),以此来解决这个问题。
In the above article, the author uses a combination of $_SESSION and his own custom database table for storing user info. 在上面的文章中,作者使用$ _SESSION和他自己的自定义数据库表的组合来存储用户信息。
However... 然而...
I have also come across numerous articles that recommend using session_set_save_handler to configure php sessions to use the database natively. 我还遇到过许多文章,建议使用session_set_save_handler配置php会话以本机使用数据库。 (Which I guess is a newer technique.) (我猜这是一种新技术。)
I am wondering: If I am planning on setting up an "activeUsers" table in the database for recording session data anyhow, does it make more sense to use session_set_save_handler? 我想知道:如果我打算在数据库中设置一个“activeUsers”表来记录会话数据,那么使用session_set_save_handler会更有意义吗? (Seems if I'm using the database to store some session info anyhow, I might as well dispense with filesystem sessions.) (似乎我是否正在使用数据库存储一些会话信息,我不妨放弃文件系统会话。)
Or is there some advantage to leaving php sessions in their default filesystem form, and then x-checking user logins against my custom db table? 或者将php会话保留为默认文件系统形式,然后根据我的自定义数据库表进行x检查用户登录是否有一些优势?
Thanks (in advance) for your help. 在此先感谢您的帮助。
2 个解决方案
解决方案1
2 2010-06-29 11:32:09
Storing session data in a database can be a little tricky to setup at first, but once you have a class or function set up to do this, then you get a few potential advantages over filesystem storage. 将会话数据存储在数据库中起初设置起来可能有点棘手,但是一旦设置了类或功能,那么与文件系统存储相比,您可以获得一些潜在的优势。 The question is whether or not those advantages are required for your system. 问题是您的系统是否需要这些优势。 These are, I think, amongst the most common reasons for storing session data in a database: 我认为,这些是在数据库中存储会话数据的最常见原因:
Security: If using shared hosting, session data may be held in areas of the disk that are accessible by other users of the system. 安全性:如果使用共享主机,则会话数据可以保存在磁盘的其他用户可访问的区域中。 This could constitute a security risk for your application. 这可能会对您的应用程序构成安全风险。
Scalability: If your application is handled by more than one server (a server farm, for instance_, you need to ensure that multiple requests from the same client, which may be processed by different servers, each receive the same session data. This is quite easy to do if the session data is in a database. 可伸缩性:如果您的应用程序由多个服务器(例如服务器场)处理,则需要确保来自同一客户端的多个请求(可能由不同服务器处理)各自接收相同的会话数据。这是相当的如果会话数据在数据库中,则很容易做到。
Performance: Database storage may give a performance increase over filesystem storage, but this is heavily influenced by the server configuration. 性能:数据库存储可能会提高文件系统存储的性能,但这很大程度上受到服务器配置的影响。
DB interaction: Depending on the role of your session data, and how your application uses it, it may be easier to retrieve session data and related information if it is all in a database. 数据库交互:根据会话数据的角色以及应用程序如何使用它,如果会话数据和相关信息都在数据库中,则可能更容易检索它们。
Something else to consider is that you can enhance the session information by storing additional information, such as IP addresses, log on and log off times, and so on. 还需要考虑的是,您可以通过存储其他信息来增强会话信息,例如IP地址,登录和注销时间等。 This sort of information can be useful when trying to prevent session hijacking. 在尝试阻止会话劫持时,此类信息非常有用。
So, other than the scalability issue, I think it's all quite subjective. 因此,除了可扩展性问题之外,我认为这些都是非常主观的。 You need to weight up the extra work required to implement database session storage, with the possible benefits. 您需要加权实现数据库会话存储所需的额外工作,并带来可能的好处。
解决方案2
1 2010-06-29 11:46:15
如果您使用它,您需要制作自己的垃圾收集器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.