会话(CodeIgniter)
[英]Sessions (CodeIgniter)
问题描述
I'm trying to implement a sort of favorites list that lasts with the session. 
我正在尝试实现一种持续到会话中的收藏夹列表。 Currently I have my sessions stored in the DB and favorites are stored in a separate table with the session_id of the user. 目前,我的会话存储在数据库中,收藏夹与用户的session_id存储在单独的表中。 My questions are: 我的问题是:
How reliable are these session id values? 这些会话ID值的可靠性如何? Although no sensitive data is in these favorites, can other people pass some other session id value and tamper with another users favorites? 尽管这些收藏夹中没有敏感数据,但是其他人可以传递其他会话ID值并篡改其他用户的收藏夹吗? (I'm guessing they can but aside from they passing another known session id, how can is it to guess?) (我猜他们可以,但是除了传递另一个已知的会话ID之外,如何猜测?)
Will a session id always exist? 会话ID会一直存在吗? In my library I keep referring to the session id - is it safe to assume that every user has one? 在我的库中,我一直在引用会话ID-可以安全地假设每个用户都有一个吗? (Does PHP/CI automatically create one of those that don't pass any?) (PHP / CI是否会自动创建不通过任何一种?)
Thanks in advance! 提前致谢!
1 个解决方案
解决方案1
1 已采纳 2011-04-09 21:15:54
in application/config/config.php , under "Session Variables" is a boolean value called sess_encrypt_cookie which can obscure the session ID. 在application/config/config.php ,“会话变量”下是一个名为sess_encrypt_cookie的布尔值,该值可以使会话ID变得模糊。 There are also options to require a matching IP address and user agent. 还有一些选项要求匹配的IP地址和用户代理。 This should make it very difficult for someone to spoof the session ID, even if they know what it is. 即使有人知道会话ID,这也将使其很难欺骗他人。
Regarding whether a session ID will always exist, if your app starts a session on page load it is safe to assume that there is a session ID. 关于会话ID是否将始终存在,如果您的应用在页面加载时启动会话,则可以安全地假定存在会话ID。 However, it expires after a period of inactivity, so it may not be the same the next time the user visits, meaning all of your session settings will be lost when they leave. 但是,它会在一段时间不活动后到期,因此下次用户访问时可能会有所不同,这意味着您离开时所有会话设置都将丢失。
Hope this helps. 希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.