Cookie /会话登录系统 [英] Cookies/Sessions login system

问题描述

当用户登录时，我获得他/她的ID并将其保存在会话var中。我想知道的是，这是要走的路吗？还是应该使用Cookie？所以它会自动登录等。

When a user logins I get him/her's ID and save it in a session var. What I wonder is, is this the way to go? Or should I use cookies? so it automatically login and so on.

session_start();


ifcorrectlogin {
$_SESSION['id'] = mysql_result($loginQuery, 0, 'user_id');
}

如何验证您的用户？

// Newbie

//Newbie

推荐答案

是的，这是要走的路。会话本身已经由一个cookie支持，以消除你周围的任何编程努力。只要用户打开浏览器实例或者直到会话在服务器端超时，会话（实际上是cookie）就会存在，因为用户没有访问该站点一段时间（通常约30分钟）。

Yes, this is the way to go. The session itself is already backed by a cookie to remove you any programming efforts around that. The session (actually, the cookie) will live as long as the user has the browser instance open or until the session times out at the server side because the user didn't visit the site for a certain time (usually around 30 minutes).

登录时，只需将获取的 User 放入 $ _ SESSION 。在受限页面上的每个请求，您只需检查在 $ _ SESSION 中是否有登录 User 请求相应，即继续它或重定向到登录或错误页面。退出时，只需从 $ _ SESSION 中删除​​用户。

On login, just put the obtained User in the $_SESSION. On every request on the restricted pages you just check if the logged-in User is available in the $_SESSION and handle the request accordingly, i.e. continue with it or redirect to a login or error page. On logout, just remove the User from the $_SESSION.

如果您要添加在此计算机上记住我选项，则需要自行添加另一个Cookie，其寿命比会话长。你只需要确保为cookie生成一个长的，独特的和难以猜测的值，否则它太容易黑客。看看PHP是如何通过在你的webbrowser中检查名为 phpsessionid 的cookie。

If you want to add a Remember me on this computer option, then you'll need to add another cookie yourself which lives longer than the session. You only need to ensure that you generate a long, unique and hard-to-guess value for the cookie, otherwise it's too easy to hack. Look how PHP did it by checking the cookie with the name phpsessionid in your webbrowser.

这篇关于Cookie /会话登录系统的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！