如何在每次自动登录时重置 Zend rememberMe 功能? [英] How to reset a Zend rememberMe function on each automatic login?

问题描述

我正在使用通过 Zend rememberMe 功能实现的记住我复选框以实现自动登录.我已经在控制器中写了这个条件用于登录，但我希望它在每次自动登录时重置为 7 天(只要当前登录是自动登录).

$秒 = 60 * 60 * 24 * 7;//7 天
Zend_Session::rememberMe($seconds);

是否有默认的 zend 函数在每次访问期间更新 cookie.顺便说一句，我是编码新手.希望有人可以帮助我.谢谢.

I am using a remember me checkbox implemented with a Zend rememberMe function for automatic login. I have written this condition inside the controller for login, but I want it to reset to 7 days on each automatic login (as long as the current login is an automatic one).

$seconds = 60 * 60 * 24 * 7; // 7 days
Zend_Session::rememberMe($seconds);

Is there a default zend function to update the cookie during each access. Btw, I'm new to coding. Hope someone can help me out. Thanks.

推荐答案

您不想在每次访问时使用 Zend_Session::rememberMe() 设置 cookie.这样做的原因很简单，因为每次调用 rememberMe() 都会导致生成一个新的会话 ID，并且 cookie 被一个新 ID 替换.将旧会话的数据复制到新会话，并删除旧会话.

You wouldn't want to set the cookie using Zend_Session::rememberMe() on each access. The reason for this is simply because each call to rememberMe() causes a new session id to be generated and the cookie is replaced by one with a new id. Data from the old session is copied to the new one and the old session is deleted.

尽管这样做不会造成真正的伤害，但在每个请求上执行此操作都会产生开销.根据 Zend 的说法，最佳做法是在会话开始后调用它.

Although no real harm would come out of this, there is overhead involved in doing this on each request. According to Zend, it is best practice to call this after the session has been started.

此外，如果您对每个请求都无条件地执行此操作，则可以区分延长时间后自动登录和随意浏览的唯一方法是将时间戳存储在会话中并在每个请求开始时检查它并设置确定某人已离开的时间限制.

Also, if you did this unconditionally on each request, the only way you can differentiate between an automatic login after extended time and casual browsing would be to store the timestamp in the session and check it at the beginning of each request and set a time limit to determine a person as having gone away.

相反，您可以在回访者访问您的登录页面登录时执行此操作；然后，您可以重定向他们，他们将无需身份验证即可登录.

Instead, you could do this when a returning visitor goes to your login page to log in; you could then redirect them and they would be logged in without authenticating.

或者，如果您想定期更新会话 cookie，您可以在启动会话后调用 Bootstrap.php 文件中的 rememberMe().如果您从插件或直接在控制器中启动会话，您应该在会话开始后将记住我的调用放在那里，并且每隔一段时间执行一次(由您自行决定).

Or, if you want to update the session cookie periodically, you could call rememberMe() in your Bootstrap.php file after you have started the session. If you start the session from a plugin, or directly in the controllers, you should put the remember me call there after the session starts, and do it every so often (at your discretion).

见 session_regenerate_id() 当你调用 Zend_Session::rememberMe() 和 Zend 框架 - 会话标识符，以及以下有关会话劫持和修复的部分.

See session_regenerate_id() which gets called when you call Zend_Session::rememberMe() and Zend Framework - Session Identifiers, as well as the following section on Session Hijacking and Fixation.

这篇关于如何在每次自动登录时重置 Zend rememberMe 功能?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！