客户端会话数据 [英] Client-Side Session Data

问题描述

当你进行会话时，我知道PHP会在客户端上存储会话

令牌，但它会将会话*数据*保存在

客户端上吗，以及？

或者是会话数据存储在服务器上，只是

索引到会话令牌数据？

解决方案

Sanders Kaufman写道：

当你进行会话时，我知道PHP存储会话
$客户端上的b $ b令牌，但它是否也将会话*数据*保存在

客户端上？

或者是存储在服务器上的会话数据，只是

索引到会话令牌数据？

标准是会话数据（因此，

_SESSION中的信息）通常存储。它不适用于用户，只有他们的

会话ID。

-

Rik Wasmus

On Sun，2006年12月17日23:33:23 GMT，Sanders Kaufman< bu *** @ kaufman.net>

写道：

>当你进行会话时，我知道PHP会在客户端上存储一个会话令牌，但它会将会话*数据保留在
上吗？客户端，还是？
或者会话数据是否存储在服务器上，并且只是索引到会话令牌数据？

如果你使用FireFox作为浏览器（工具Cookie编辑器），你会看到
看到调用session_start（）会创建一个cookie对于你的域名

称为PHPSESSID，一旦窗口关闭就会消失，但是可以通过在
>
服务器。然后，可以通过服务器端脚本读取此会话ID，以便每当调用页面时，
都会识别用户。


一般来说，没有数据来自此应该位于

客户端，因为这使黑客很容易打到你的服务器。如果

你真的必须在cookie中保存更多数据，请确保它们是加密的。

加密。

When you have a session going, I know that PHP stores a session
token on the client, but does it keep the session *data* on the
client, as well?
Or is the session data being stored on the server, and just
indexed to the session token data?

解决方案

Sanders Kaufman wrote:

When you have a session going, I know that PHP stores a session
token on the client, but does it keep the session *data* on the
client, as well?
Or is the session data being stored on the server, and just
indexed to the session token data?

Standard is that ''session-data'' (So, info in

_SESSION), is normally stored
in a file with the session-id. It is not available to the user, only their
session-id is.
--
Rik Wasmus

On Sun, 17 Dec 2006 23:33:23 GMT, Sanders Kaufman <bu***@kaufman.net>
wrote:

>When you have a session going, I know that PHP stores a session
token on the client, but does it keep the session *data* on the
client, as well?
Or is the session data being stored on the server, and just
indexed to the session token data?

If you use FireFox as your browser (Tools Cookie Editor), you''ll
see that calling session_start() creates a cookie for your domain
called PHPSESSID, which disappears once the window is closed, but can
be made permanent by writting the ad hoc code in a PHP script on the
server. This session ID can then be read by server-side scripts to
identify the user whenever a page is called.

Generally speaking, no data appart from this should be located on the
client, as this makes it too easy for hackers to hit your server. If
you really must save more data in cookies, make sure they''re
encrypted.

这篇关于客户端会话数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！