没有cookie的Laravel会话 [英] Laravel sessions without cookies

问题描述

我有一个允许用户登录并将项目添加到购物篮的应用程序，但是，如果用户关闭了cookie，则此功能将不再起作用.我已经检查了facebook，事实证明，即使他们需要启用cookie才能起作用.

所以我的问题是，甚至可以在不使用cookie的情况下处理常规的登录/添加到购物车功能吗?

解决方案

这不仅是Laravel特有的.检查 http://php.net/manual/en/session.configuration.php(特别是session.use_cookies和session.use_only_cookies)，以查看如何启用_GET参数.

与往常一样，文档警告您，当您通过_GET传递ID时，窃取SESSION很容易.

但是，一旦启用它们，PHP应该自动重写您的URL，因此不需要您做额外的工作，但是我个人将会话限制在一个IP和User-Agent中，这会使攻击者感到困难. /p>

I have an application which allows user to log in and add items to basket, however if user has cookies turned off, this functionality would no longer work. I've checked facebook and it turns out even they need cookies enabled to function.

So my question is is it even possible to handle regular login/add to cart functionality without cookies?

解决方案

This is not only Laravel specific. Check http://php.net/manual/en/session.configuration.php (specifically session.use_cookies and session.use_only_cookies) to see how you can enable the use of a _GET parameter instead.

As always, the documentation warns you that stealing a SESSION gets easy when you pass the ID via _GET.

But PHP should be automatically rewriting your URLs once you enable them, so no extra work required on your end, but I would personally keep the sessions restricted to a single IP and User-Agent - should make it hard for attackers.

这篇关于没有cookie的Laravel会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！