简体繁体 English

在 php 中实现自动登录选项的最佳方法

[英]Best way to implement AUTO LOG IN option in php

原文 2011-07-22 04:14:51 8 1 php/ cookies/ logging

I have read several solutions such as http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/我已经阅读了几种解决方案，例如http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/

Now I understand you have to use Cookies but what's the most optimal/safest way to implement Auto Log in feature.现在我知道你必须使用 Cookies 但是实现自动登录功能的最佳/最安全的方法是什么。

let's say we have a users table that contains user's account, email, password, etc假设我们有一个包含用户帐户、email、密码等的用户表

What about having a separate Session table that holds拥有一个单独的 Session 表怎么样？

session_id, ip, user_agent, user_id. session_id，ip，user_agent，user_id。

You save the session_id in a cookie and once the person visits the website again, the page pulls up a cookie and gets session_id.您将 session_id 保存在 cookie 中，一旦该人再次访问该网站，该页面就会提取一个 cookie 并获取 session_id。 You then compare current ip and user agent to the ones stored in Session table.然后，您将当前的 ip 和用户代理与存储在 Session 表中的进行比较。 After that, you pull up user's data based on user_id from users table.之后，您根据用户表中的 user_id 提取用户数据。

How does that solution sound?该解决方案听起来如何？

1 个解决方案

You could use an ip address and if they don't match then they simply have to log in again.您可以使用 ip 地址，如果它们不匹配，则只需重新登录即可。

Then you can compare the data and time with the one in the cookie, if different then they have to log back in.然后您可以将数据和时间与 cookie 中的数据和时间进行比较，如果不同，则必须重新登录。

You can also create a unique random number for them.您还可以为它们创建一个唯一的随机数。 This would change every time and you could compare that.这每次都会改变，你可以比较一下。

So, yea what you said would work just fine.所以，是的，你说的会很好用。 Have a sessions table to keep track of the auto logins.有一个会话表来跟踪自动登录。 I would at least add a date/time field as well.我至少也会添加一个日期/时间字段。

Don't store the username and password in the cookie though, even if it's hashed.不要将用户名和密码存储在 cookie 中，即使它已经过哈希处理。 You should not have to do this for an auto login.您不必为自动登录执行此操作。