我应该使用Cookie还是会话来存储登录尝试和当前登录状态? [英] Should I use cookies or sessions to store login attempts and current login status?
问题描述
可能重复:
何时应使用会话变量而不是Cookie?
您好,
我正在建立一个网络应用程序,用户需要注册才能获取登录时要使用的身份验证详细信息到系统,但我是一个安全的新手。
I'm building a web application where users will be required to register to acquire authentication details for which to use when logging in to the system, but I'm a total newbie at security.
我想让用户每次会话只登录一次,所以用户不能有多个现有的成功认证,即不能同时从计算机a和计算机b两者同时登录,或者当已经对相同用户的成功认证存在或未注销时。
And I want a user to login only once per session, so a user must not have more than one existing successful authentication i.e can not sign in from both computer a and computer b at the same time or when already a successful authentication of the same user exists or was not logged out.
我想我需要跟踪用户的位置,登录尝试和当前登录状态;以便相应地采取行动。
我正在寻求您在cookies和会话之间使用的建议,如何跟踪用户的位置和更多的建议是欢迎的。
I think I need to track the user's location, log in attempts and current log in status; in order to act accordingly. I'm seeking your advice on what to use between cookies and sessions, how to track the user's location and more suggestions are welcome.
提前谢谢
推荐答案
这些都没有。
您必须使用数据库才能满足您的需求。 >
您必须在数据库中存储当前的会话ID,登录尝试和登录状态。
Dunno什么是位置。
None of these.
You have to employ a database to accomplish your needs.
You have to store current session id, login attempts and and login status in the database.
Dunno what is location though.
对于授权本身,你必须使用cookie来存储会话ID。对于会话数据,您可以使用内置机制或某种自己的服务器端存储。内置的一个将更容易实现。
For the authorization itself you have to use cookies to store session id. As for the session data you can use either built-in mechanism or some sort of server-side storage of your own. Built-in one would be easier to implement.
这篇关于我应该使用Cookie还是会话来存储登录尝试和当前登录状态?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
