PHP的在会话中存储用户ID? [英] php storing user id in session?
本文介绍了PHP的在会话中存储用户ID?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想知道在会话中存储用户ID有什么风险?
I am wondering what the risks are of storing the userid in a session?
然后只需进行
if(isset($_SESSION['user_id'])){
login_user($_SESSION['user_id]);
}
会话是否已足够加密,我们将不必担心对其进行哈希处理? 某人能够更改其ID的机会是什么?
Are sessions encrypted enough that we wont have to worry about hashing them? What are the chances of someone being able to change their ID?
推荐答案
默认情况下,会话以文件形式存储在/tmp
中.除非您遇到诸如目录遍历漏洞之类的安全问题,否则最终用户将无法看到该文件.
The session is by default stored in /tmp
as a file. It is not viewable by the end user unless you have security issues such as directory traversal vulnerabilities.
客户端唯一看到的部分是存储在cookie中的唯一哈希,该唯一哈希映射到服务器上的相关会话.
The only portion the client sees is the unique hash stored in a cookie which maps to the relevant session on the server.
这篇关于PHP的在会话中存储用户ID?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文