在哪里存储登录尝试和当前登录状态，cookie或会话？ [英] Where to store login attempts and current login status, cookies or sessions?

问题描述

注意：这个问题是关于登录尝试和当前登录状态的存储位置。

Note: this question is on where to store login attempts and current login status.

我正在构建一个Web应用程序，要求用户注册以获取身份验证详细信息，以便在登录系统时使用该身份验证详细信息，但安全性的新手。

I'm building a web application where users will be required to register to acquire authentication details for which to use when logging in to the system, but I'm a total newbie at security.

我希望用户每个会话只能登录一次，因此用户不能拥有多个现有的成功身份验证，即不能同时从两个身份登录计算机a和计算机b同时出现，或者已经存在或未注销同一用户的成功身份验证。

And I want a user to login only once per session, so a user must not have more than one existing successful authentication i.e can not sign in from both computer a and computer b at the same time or when already a successful authentication of the same user exists or was not logged out.

我认为我需要跟踪用户的位置，登录尝试和当前登录状态；为了采取相应的行动
我正在就您在Cookie和会话之间使用什么，如何跟踪用户的位置以及更多建议方面寻求您的建议。

I think I need to track the user's location, log in attempts and current log in status; in order to act accordingly. I'm seeking your advice on what to use between cookies and sessions, how to track the user's location and more suggestions are welcome.

在此先感谢您

推荐答案

都不是。

您必须使用数据库来满足您的需求。

您必须将当前会话ID，登录尝试和登录状态存储在数据库中。

Dunno不过位置是什么。

None of these.
You have to employ a database to accomplish your needs.
You have to store the current session id, login attempts and login status in the database.
Dunno what is location though.

虽然应将cookie用于授权本身，以在服务器和客户端之间传输会话ID。

While cookies should be used for the authorization itself, to transfer the session id between a server and a client.

这篇关于在哪里存储登录尝试和当前登录状态，cookie或会话？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！