会话ID，页面之间“丢失”？ [英] Session ID, 'loosing it' between pages?

问题描述

我听说有可能丢失页面之间的会话ID，

（当用户点击时一个链接到另一个）。


这真的可能吗？我在哪里可以找到对

问题的明确答案？适用的浏览器是什么？


我的数据库根据会话ID存储一些信息，是否会有另外的b $ b，（更好），做的方式东西？

我知道我可以将会话ID从页面传递到页面但是有更好的

方式吗？


很多提前谢谢。


Sims

解决方案

Sims写道：

你好，

我听说有可能在页面间丢失会话ID，
（当用户点击一个链接到另一个链接时）。

我的数据库根据会话ID存储一些信息，是否会有另一种（更好的）做事方式？
我知道我可以将会话ID从页面传递到页面，但有更好的方式吗？

非常感谢提前。

模拟人生

我更喜欢这样的方法：

（1）将会话ID存储在安全客户端cookie和服务器端

数据库。通过安全的SSL连接只读取包含会话ID的cookie

。

（2）在用户访问的每个页面上检查cookie中的会话ID，

使用它来检索访问级别（仅存储在服务器端）。

（3）确保会话ID符合以下条件：


（a）cookie尚未过期。

（b）它也没有过期服务器端。

（c）它与IP匹配最初创建时。

（d）其他标准：例如，它是使用

相同的客户端浏览器创建的。

（ e）你可能添加的任何其他内容。


如果任何一个标准失败，用户将获得无法访问权限。消息

并且必须再次登录。

消息< 2o ************ @ uni-berlin .de> ;,模拟人生

< si ********* @ hotmail.com>写道

我听说有可能丢失页面之间的会话ID，
（当用户点击一个链接时）到另一个）。

它真的可能吗？我在哪里可以找到对该问题的明确答案？什么浏览器适用于什么？

我的数据库根据会话ID存储一些信息，是否会有另一种（更好的）做事方式？
我知道我可以将会话ID从页面传递到页面，但是有更好的方式吗？

丢失的最简单方法会话ID是忘记给每一页打电话

session_start（）！


-

Rob ...

我听说有机会' '丢失''页面之间的会话ID，
（当用户从​​一个链接点击到另一个链接时）。

它真的可能吗？我在哪里可以找到对该问题的明确答案？什么浏览器适用于什么？

我的数据库根据会话ID存储一些信息，是否有
beanother，（更好），做事的方式？
我知道我可以将会话ID从页面传递到页面但是有更好的
吗？

最简单的丢失方式会话ID是忘记为每个页面调用
session_start（）！

我在每个页面调用session_start（），我从未丢失一个ID，但我希望

以确保会话ID不会被用户的操作丢失。

我所说的不是服务器但是''用户'侧。是否有一个

浏览器，操作，用户可以做的任何事情让我松散我的

会话ID。


我明白他们可以关闭电脑，然后我会放弃

号码。


Sims

Hi,

I heard that there was a chance of ''loosing'' a session ID between pages,
(when the user clicks from one link to another).

Is it really possible? Where could I find a definitive answer to that
question? What browsers does that apply to?

My database stores some information based on the session id, would there be
another, (better), way of doing things?
I know I could pass the Session ID from pages to pages but is there a better
way?

Many thanks in advance.

Sims

解决方案

Sims wrote:

Hi,

I heard that there was a chance of ''loosing'' a session ID between pages,
(when the user clicks from one link to another).

Is it really possible? Where could I find a definitive answer to that
question? What browsers does that apply to?

My database stores some information based on the session id, would there be
another, (better), way of doing things?
I know I could pass the Session ID from pages to pages but is there a better
way?

Many thanks in advance.

Sims

I prefer a method that works like this:
(1) Store a session ID in a secure client cookie and in a server-side
database. Read the cookie containing the session ID only
over a secure SSL connection.
(2) Check the session ID in the cookie on every page the user visits,
use it to retrieve the access level (stored only server-side).
(3) Make sure the session ID meets the following criteria:

(a) the cookie has not expired.
(b) it''s not expired server-side either.
(c) it matches the IP it was originally created with.
(d) other criteria: for example, it was created with the
same client browser, etc.
(e) anything else you might add.

If any one of the criteria fails, the user gets a "no access" message
and must login again.

In message <2o************@uni-berlin.de>, Sims
<si*********@hotmail.com> writes

Hi,

I heard that there was a chance of ''loosing'' a session ID between pages,
(when the user clicks from one link to another).

Is it really possible? Where could I find a definitive answer to that
question? What browsers does that apply to?

My database stores some information based on the session id, would there be
another, (better), way of doing things?
I know I could pass the Session ID from pages to pages but is there a better
way?

The easiest way to "lose" the session id is to forget to call
session_start() for every single page!

--
Rob...

Hi,

I heard that there was a chance of ''loosing'' a session ID between pages,
(when the user clicks from one link to another).

Is it really possible? Where could I find a definitive answer to that
question? What browsers does that apply to?

My database stores some information based on the session id, would there beanother, (better), way of doing things?
I know I could pass the Session ID from pages to pages but is there a betterway?

The easiest way to "lose" the session id is to forget to call
session_start() for every single page!

I do call session_start() at every page, and I never lost an ID, but I want
to make sure that the session ID is not ''lost'' by actions of the user.
What I am talking about is not server side but ''user'' side. Is there a
browser, action, anything that the user could do to make me ''loose'' my
session ID.

I understand that they could switch their computer off and I would loose the
number then.

Sims

这篇关于会话ID，页面之间“丢失”？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！