
Working with regenerating session id in PHP/CodeIgniter

I'm using CodeIgniter's Session class to manage my sessions for a cart/checkout system. The session data is being stored in the database and the session id is stored in a cookie. All cart information is retrieved via AJAX and is kept in the session, along with the session id.

Right now I am using the session id that PHP/CodeIgniter generates as a way to keep track of users. Users do not log in to the site and the store and the cart/checkout system are on different domains so this is the only thing that is tying them to their cart that is stored in the session/database. I use this session id in hidden fields on forms and as a parameter in links so that it gets sent to the server on any request (add item, remove item, view cart, etc.).

CodeIgniter lets you set a time for regenerating the session id; right now I have it set to 10 minutes. I had it at the default but that was too short because if the user sat at the page for too long, the session id that was dynamically written to the links and forms would be out of date and no longer tied to their cart data.

This is obviously not a great solution. What is the best way to allow for regenerating session ids at a lower interval but still keep users tied to their cart data even if the user waits 10+ minutes (without a page refresh) to do an action?

Don't use the session ids in the database. The cart should persist across sessions, so you need to store the cart in relation to the user, not the session. I also would not be putting the session id in fields as a hidden field. The benefit of sessions is you can store them server side.

Store the cart in the database; don't load the whole thing into session.

Method #1

A user can be given an "active" cart in the database.

User -> (has many) Cart

This cart is then updated by adding items to it.

/cart/add/{id}        -> Verify prices / quantities

This cart is not linked to the session; the session is only controlling which user is logged in. When they check out, the cart is set from "active" to "ordered" and a new "active" (but empty) cart is created. Carts will persist in the database between sessions, and a full history can be made available.

Method #2

Store the entire cart in session, not backed against the database. This would make some things simpler (adding / removing items aren't DB operations) but it also won't persist across sessions. When a user checks out, write the cart to the database.
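
Method #1 as an added example, not code from the original answer: the cart is keyed by a user id held in server-side session data, so regenerating the session id never detaches it and no session id needs to appear in links or hidden fields. The schema, function names, sample product and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: schema, names and data below are assumptions, not the poster's application.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, price_cents INTEGER NOT NULL, stock INTEGER NOT NULL)");
$db->exec("CREATE TABLE carts (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, status TEXT NOT NULL)");
$db->exec("CREATE TABLE cart_items (cart_id INTEGER, product_id INTEGER, qty INTEGER, price_cents INTEGER)");
$db->exec("INSERT INTO products VALUES (1, 1999, 5)"); // constructed sample product

// Return the user's single "active" cart id, creating the cart on first use.
function activeCartId(PDO $db, int $userId): int {
    $q = $db->prepare("SELECT id FROM carts WHERE user_id = ? AND status = 'active'");
    $q->execute([$userId]);
    $id = $q->fetchColumn();
    if ($id !== false) {
        return (int) $id;
    }
    $db->prepare("INSERT INTO carts (user_id, status) VALUES (?, 'active')")->execute([$userId]);
    return (int) $db->lastInsertId();
}

// /cart/add/{id}: price and stock are read from the database, never from the request.
function addItem(PDO $db, int $userId, int $productId, int $qty): bool {
    $q = $db->prepare("SELECT price_cents, stock FROM products WHERE id = ?");
    $q->execute([$productId]);
    $p = $q->fetch(PDO::FETCH_ASSOC);
    if ($p === false || $qty < 1 || $qty > (int) $p['stock']) {
        return false; // unknown product or quantity outside available stock
    }
    $db->prepare("INSERT INTO cart_items VALUES (?, ?, ?, ?)")
       ->execute([activeCartId($db, $userId), $productId, $qty, (int) $p['price_cents']]);
    return true;
}

// Checkout: flip the cart from "active" to "ordered", then open a new empty active cart.
function checkout(PDO $db, int $userId): int {
    $db->beginTransaction();
    $ordered = activeCartId($db, $userId);
    $db->prepare("UPDATE carts SET status = 'ordered' WHERE id = ?")->execute([$ordered]);
    activeCartId($db, $userId);
    $db->commit();
    return $ordered;
}

$userId = 42; // in the application this value is read from server-side session data
var_dump(addItem($db, $userId, 1, 2));  // quantity within stock
var_dump(addItem($db, $userId, 1, 99)); // quantity above stock is rejected
$old = checkout($db, $userId);
var_dump($old !== activeCartId($db, $userId)); // a fresh active cart replaced the ordered one
```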
