[英]Check the existence of a session (Nginx)
I have two sessions in PHP: 我在PHP中有两个会话:
$_SESSION["session"]["key"] = md5 ($token . $userAgent . $ip);
$_SESSION["session"]["timeout"] = time ();
Just want to check that sessions with nginx, tried this code without success: 只想检查与nginx的会话,尝试了以下代码但未成功:
location / {
if ($request_filename ~* "index.php") {
break;
}
if ($http_cookie ~* "session") {
break;
}
rewrite ^.+$ https://localhost/index.php last;
}
Any clues ? 有什么线索吗?
Thanks. 谢谢。
a cookie just holds the Session ID, an id is always created upon session_start();
一个cookie只保存会话ID,总是在session_start();
创建一个id session_start();
so if your calling that within your script the user will always have a session id. 因此,如果您在脚本中调用该用户,则该用户将始终具有一个会话ID。
your best bet is too add a second cookie: 您最好的选择还是添加第二个Cookie:
setcookie('session_key',md5 ($token . $userAgent . $ip));
then within nginx: 然后在nginx中:
if ($http_cookie ~* "session_key")
{
break;
}
to check if that cookie is set. 检查该cookie是否已设置。
If the hash is sensitive then do this: 如果哈希是敏感的,请执行以下操作:
setcookie('session_key_active','1');
Then in Nginx: 然后在Nginx中:
if ($http_cookie ~* "session_key_active")
{
break;
}
But this is still vulnerable , always check server side values match! 但这仍然容易受到攻击,请务必检查服务器端值是否匹配!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.