检查会话是否存在(Nginx) [英] Check the existence of a session (Nginx)
本文介绍了检查会话是否存在(Nginx)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我在PHP中有两个会话:
I have two sessions in PHP:
$_SESSION["session"]["key"] = md5 ($token . $userAgent . $ip);
$_SESSION["session"]["timeout"] = time ();
只想检查与nginx的会话,尝试了以下代码但未成功:
Just want to check that sessions with nginx, tried this code without success:
location / {
if ($request_filename ~* "index.php") {
break;
}
if ($http_cookie ~* "session") {
break;
}
rewrite ^.+$ https://localhost/index.php last;
}
有任何线索吗?
谢谢.
推荐答案
cookie仅保存会话ID,因此总是在session_start();
上创建一个ID,因此,如果您在脚本中调用该用户,则该用户将始终具有一个会话ID.
a cookie just holds the Session ID, an id is always created upon session_start();
so if your calling that within your script the user will always have a session id.
您最好的选择还是添加第二个Cookie:
your best bet is too add a second cookie:
setcookie('session_key',md5 ($token . $userAgent . $ip));
然后在nginx中:
if ($http_cookie ~* "session_key")
{
break;
}
检查该cookie是否已设置.
to check if that cookie is set.
如果哈希敏感,则执行以下操作:
If the hash is sensitive then do this:
setcookie('session_key_active','1');
然后在Nginx中使用
Then in Nginx:
if ($http_cookie ~* "session_key_active")
{
break;
}
但这仍然容易受到攻击,请始终检查服务器端值是否匹配!
But this is still vulnerable , always check server side values match!
这篇关于检查会话是否存在(Nginx)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文