有关PHP中会话的快速问题 [英] Quick question about sessions in PHP
问题描述
会话是通过session_start()
启动的,我知道很多,但是要使会话持久化,它们需要一个ID.
Sessions are started via session_start()
, I realize that much, but to make sessions persistent, they need an ID.
现在,php.ini文件具有一个设置:
Now, the php.ini file has a setting:
session.use_cookies = 1
因此,我不必传递ID.但是还有另一种设置:
So I don't have to pass the ID around. But there's another setting:
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0
我是否理解,如果我实施此操作并转到我的网站,登录,执行我想做的事,关闭浏览器,然后过一会儿再启动它,那我就不再登录了.回到我的网站?
Am I to understand that if I implement this and go to my website, login, do what I wanna do, shut the browser down and start it again some time later, that I won't be logged in anymore when I go back to my site?
因此要保持登录状态,我必须将其与客户端Cookie结合使用.
So to stay logged in, I will have to combine this with client-side cookies.
我猜我将需要2个数据库字段.会话ID为1,我给cookie的ID为1.
I'm guessing I'll need 2 database fields. 1 for the sessions ID, 1 for the ID I give to the cookie.
推荐答案
不会,您将不再登录.
在这里查看我的答案: http://www.drupal.org/node/31506 ,了解有关任务分散的更多信息(如果您希望在一段时间后让人们退出).可能会对您有帮助.
See my answer here: How do I Keep a user logged in for 2 weeks? (See http://www.drupal.org/node/31506 for more information about sheduled tasks, if you want people to be signed out after an amount of time). It might help you.
检查用户代理字符串(仅出于安全性考虑.如果黑客以某种方式发现了密钥...他可以发送伪造的cookie并自动登录.对于一次切换浏览器的人,他们可以复制Cookie后再次登录.但是,这对于不停更改或更新浏览器的人来说是一场灾难.
Check the user agent string (just for security. If an hacker found out a key in some way... he can send a fake cookie and be logged in automatically. For people who switch a browser one time, they can just sign in again once after copying cookies. However, this would be a disaster for people who change or update browser nonstop).
这篇关于有关PHP中会话的快速问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!