PHP-HTTP验证或$ _SESSION来验证用户?
[英]PHP - HTTP Authentication or $_SESSION to authenticate user?
问题描述
HTTP身份验证和$ _SESSION在登录表单上对用户进行身份验证有什么区别?
HTTP,
<?php
if(!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_USER'] !== 'demo' || $_SERVER['PHP_AUTH_PW'] !== 'demo') {
header("WWW-Authenticate: Basic realm=\"Secure Page\"");
header("HTTP\ 1.0 401 Unauthorized");
echo 'No soup for you';
exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Basic HTTP Authentication</title>
</head>
<body>
<h1>Secure Page</h1>
<p>This is a page with secure content...</p>
</body>
</html>
会话
ession_start();
if( isset($_POST['username']) && isset($_POST['password']) )
{
if( auth($_POST['username'], $_POST['password']) )
{
// auth okay, setup session
$_SESSION['user'] = $_POST['username'];
// redirect to required page
header( "Location: index.php" );
} else {
// didn't auth go back to loginform
header( "Location: loginform.html" );
}
} else {
// username and password not given so go back to login
header( "Location: loginform.html" );
}
哪一个更安全?
1 个解决方案
解决方案1
0 2015-10-10 20:18:03
我会选择PHP版本,因为它更加安全且易于使用。
具有共享会话和用户身份验证的WebSockets和HTTP安全性
[英]WebSockets and HTTP security with shared Session and user Authentication
HTTP基本认证结合SSL / TLS(HTTPS)将用于认证用户
[英]HTTP Basic Authentication combined with SSL/TLS (HTTPS) will be used to authenticate user
PHP:使用HTTP摘要式身份验证响应与LDAP进行身份验证
[英]PHP: Use HTTP Digest Authentication response to authenticate with LDAP
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.