会话ID,页面之间“丢失”? [英] Session ID, 'loosing it' between pages?
问题描述
我听说有可能丢失页面之间的会话ID,
(当用户点击时一个链接到另一个)。
这真的可能吗?我在哪里可以找到对
问题的明确答案?适用的浏览器是什么?
我的数据库根据会话ID存储一些信息,是否会有另外的b $ b,(更好),做的方式东西?
我知道我可以将会话ID从页面传递到页面但是有更好的
方式吗?
很多提前谢谢。
Sims
Sims写道:你好,
我听说有可能在页面间丢失会话ID,
(当用户点击一个链接到另一个链接时)。
我的数据库根据会话ID存储一些信息,是否会有另一种(更好的)做事方式?
我知道我可以将会话ID从页面传递到页面,但有更好的方式吗?
非常感谢提前。
模拟人生
我更喜欢这样的方法:
(1)将会话ID存储在安全客户端cookie和服务器端
数据库。通过安全的SSL连接只读取包含会话ID的cookie
。
(2)在用户访问的每个页面上检查cookie中的会话ID,
使用它来检索访问级别(仅存储在服务器端)。
(3)确保会话ID符合以下条件:
(a)cookie尚未过期。
(b)它也没有过期服务器端。
(c)它与IP匹配最初创建时。
(d)其他标准:例如,它是使用
相同的客户端浏览器创建的。
( e)你可能添加的任何其他内容。
如果任何一个标准失败,用户将获得无法访问权限。消息
并且必须再次登录。
消息< 2o ************ @ uni-berlin .de> ;,模拟人生
< si ********* @ hotmail.com>写道
我听说有可能丢失页面之间的会话ID,
(当用户点击一个链接时)到另一个)。
它真的可能吗?我在哪里可以找到对该问题的明确答案?什么浏览器适用于什么?
我的数据库根据会话ID存储一些信息,是否会有另一种(更好的)做事方式?
我知道我可以将会话ID从页面传递到页面,但是有更好的方式吗?
丢失的最简单方法会话ID是忘记给每一页打电话
session_start()!
-
Rob ...
我听说有机会' '丢失''页面之间的会话ID,
(当用户从一个链接点击到另一个链接时)。
它真的可能吗?我在哪里可以找到对该问题的明确答案?什么浏览器适用于什么?
我的数据库根据会话ID存储一些信息,是否有
beanother,(更好),做事的方式?
我知道我可以将会话ID从页面传递到页面但是有更好的
吗?
最简单的丢失方式会话ID是忘记为每个页面调用
session_start()!
我在每个页面调用session_start(),我从未丢失一个ID,但我希望
以确保会话ID不会被用户的操作丢失。
我所说的不是服务器但是''用户'侧。是否有一个
浏览器,操作,用户可以做的任何事情让我松散我的
会话ID。
我明白他们可以关闭电脑,然后我会放弃
号码。
Sims
Hi,
I heard that there was a chance of ''loosing'' a session ID between pages,
(when the user clicks from one link to another).
Is it really possible? Where could I find a definitive answer to that
question? What browsers does that apply to?
My database stores some information based on the session id, would there be
another, (better), way of doing things?
I know I could pass the Session ID from pages to pages but is there a better
way?
Many thanks in advance.
Sims
Sims wrote:Hi,
I heard that there was a chance of ''loosing'' a session ID between pages,
(when the user clicks from one link to another).
Is it really possible? Where could I find a definitive answer to that
question? What browsers does that apply to?
My database stores some information based on the session id, would there be
another, (better), way of doing things?
I know I could pass the Session ID from pages to pages but is there a better
way?
Many thanks in advance.
Sims
I prefer a method that works like this:
(1) Store a session ID in a secure client cookie and in a server-side
database. Read the cookie containing the session ID only
over a secure SSL connection.
(2) Check the session ID in the cookie on every page the user visits,
use it to retrieve the access level (stored only server-side).
(3) Make sure the session ID meets the following criteria:
(a) the cookie has not expired.
(b) it''s not expired server-side either.
(c) it matches the IP it was originally created with.
(d) other criteria: for example, it was created with the
same client browser, etc.
(e) anything else you might add.
If any one of the criteria fails, the user gets a "no access" message
and must login again.
In message <2o************@uni-berlin.de>, Sims
<si*********@hotmail.com> writesHi,
I heard that there was a chance of ''loosing'' a session ID between pages,
(when the user clicks from one link to another).
Is it really possible? Where could I find a definitive answer to that
question? What browsers does that apply to?
My database stores some information based on the session id, would there be
another, (better), way of doing things?
I know I could pass the Session ID from pages to pages but is there a better
way?
The easiest way to "lose" the session id is to forget to call
session_start() for every single page!
--
Rob...
Hi,
I heard that there was a chance of ''loosing'' a session ID between pages,
(when the user clicks from one link to another).
Is it really possible? Where could I find a definitive answer to that
question? What browsers does that apply to?
My database stores some information based on the session id, would there beanother, (better), way of doing things?
I know I could pass the Session ID from pages to pages but is there a betterway?
The easiest way to "lose" the session id is to forget to call
session_start() for every single page!
I do call session_start() at every page, and I never lost an ID, but I want
to make sure that the session ID is not ''lost'' by actions of the user.
What I am talking about is not server side but ''user'' side. Is there a
browser, action, anything that the user could do to make me ''loose'' my
session ID.
I understand that they could switch their computer off and I would loose the
number then.
Sims
这篇关于会话ID,页面之间“丢失”?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!