Rails Login Reset Session


Question

Is it best practice to call reset_session when a user successfully signs in and to call it again when a user signs out? Are there any side effects/problems to doing this?

Solution

That's really going to depend on how you store things in session and how you want the security to operate.

Reset session will drop everything from the user's session, so if they hop back into the login screen and sign back in but still had (for example) a shopping cart stored to their session, you'll clear that which may be undesirable.

If you're not storing any data you feel the users might want to hold on to, I know of no reason clearing the session before processing a login attempt would hurt at all, and on sign outs I recommend it.
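An added example, not part of the original answer: one way to call `reset_session` on sign-in while carrying the shopping cart across, and to call it again on sign-out. `SessionRotation`, `CARRY_OVER`, `sign_in`, `sign_out` and the `FakeController` stand-in are hypothetical names; only `session` and `reset_session` are Rails controller methods, and the `:cart` key is an assumption about where the app keeps the cart.

```ruby
# Added example: reset the session at login/logout without losing the cart.
# Intended to be mixed into a Rails controller, which supplies `session`
# and `reset_session`.
module SessionRotation
  # Session keys to keep across a login (assumption: the cart lives in :cart).
  CARRY_OVER = %i[cart].freeze

  # Call only after the credentials have been verified.
  def sign_in(user_id)
    # Copy out the values worth keeping before everything is dropped.
    kept = CARRY_OVER.to_h { |key| [key, session[key]] }.compact
    reset_session                       # drops everything stored in the session
    kept.each { |key, value| session[key] = value }
    session[:user_id] = user_id
  end

  # On sign-out nothing is carried over.
  def sign_out
    reset_session
  end
end

# Constructed stand-in for a Rails controller so the module runs without Rails.
class FakeController
  include SessionRotation
  attr_reader :session

  def initialize(initial = {})
    @session = initial.dup
  end

  def reset_session
    @session = {}
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample session: an anonymous visitor with a cart and stale data.
  controller = FakeController.new({ cart: [101, 102], last_search: "boots" })
  controller.sign_in(42)
  p controller.session
  controller.sign_out
  p controller.session
end
```

Only keys listed in `CARRY_OVER` survive the login, so anything else left in the pre-login session is discarded.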
