How to handle sessions across different devices?


Question

I'm in the initial stage of building a php/mysql backend that exposes a REST interface to a website and iphone/android/etc devices.

I'm not quite sure what is the 'standard' or 'best practices' for dealing with sessions for multiple devices that use the same account.

Here are my current thoughts on how this would work:

  1. I would use MySQL to store sessions for now, with a sessions table like so:

     id, session_id (hash), user_id (int), created (timestamp), expire (timestamp), device (enum)

  2. When a user logs in via the iOS app or Android app, I would return a session token in the success JSON for future API calls to use. Same with the website making an API call.

  3. For security purposes, I should regenerate and overwrite the session token if the user logs in again, but only for the session_id for that device.

  4. I also have an expire column that tells me the expiration of the session so that if I wish, I can create a session that can expire in two weeks and is periodically cleaned by a CRON job.

This seems like a reasonable approach to me, but there are problems if the user uses an iPhone and an iPad, or multiple Android devices using the same account. Any time the user logs in with one, it would cause the other to log out.

I noticed Instagram didn't invalidate the session even if I log in from another iPhone.

However, I don't think I can duplicate that behavior unless I never overwrite a session token when a user logs in again, or keep adding session rows into my session table whenever the user logs in from the iPhone?

What is the standard way of handling sessions across different devices?

Recommended answer

I would highly discourage you from using MySQL to store sessions. I would suggest using Redis or Memcache. Redis will store the data to disk in case your server crashes. Redis also allows you to set a TTL to expire the session, which would solve #4.

If you are using REST-based calls, I would suggest just adding the session to the header as a cookie and passing that back and forth. Basically emulating the way a browser would access that page. I think that would make testing easier too.
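Added example, not code from the question or the answer, written in Python rather than PHP so it runs stand-alone: it sketches the per-device layout both posts point at, with one session row per user and per-install device id, token rotation on re-login confined to that one device, and lazy expiry standing in for a Redis TTL or CRON sweep. The in-memory store, the `device_id` per-install identifier (instead of a platform enum, so two Android phones do not collide) and the hashed-token keying are assumptions of this example, not anything either poster described.

```python
import hashlib
import secrets
import time


class SessionStore:
    """One session row per (user, device); constructed in-memory stand-in
    for the Redis/MySQL table from the post. Rows are keyed by the SHA-256
    of the token, so a dumped store yields no usable tokens."""

    def __init__(self, ttl_seconds=14 * 24 * 3600, clock=time.time):
        self.ttl = ttl_seconds          # two-week lifetime, as in the post
        self.clock = clock              # injectable for deterministic tests
        self._rows = {}                 # token_hash -> {user_id, device, expire}

    @staticmethod
    def _hash(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user_id, device_id):
        """Issue a fresh random token. Only a prior session for the same
        user AND device_id (assumed per-install id) is revoked, so an
        iPhone login does not evict the iPad's session."""
        self._rows = {h: r for h, r in self._rows.items()
                      if not (r["user_id"] == user_id and r["device"] == device_id)}
        token = secrets.token_urlsafe(32)   # 256 bits from the CSPRNG
        self._rows[self._hash(token)] = {"user_id": user_id, "device": device_id,
                                         "expire": self.clock() + self.ttl}
        return token

    def resolve(self, token):
        """Map a presented token to its user_id, or None if unknown or
        expired. Expired rows are dropped on sight, the work a CRON sweep
        or a Redis TTL would otherwise do."""
        h = self._hash(token)
        row = self._rows.get(h)
        if row is None:
            return None
        if row["expire"] <= self.clock():
            del self._rows[h]
            return None
        return row["user_id"]

    def active_devices(self, user_id):
        """Device ids with a live session for this user, e.g. for a
        'manage devices' page that revokes one of them."""
        now = self.clock()
        return sorted(r["device"] for r in self._rows.values()
                      if r["user_id"] == user_id and r["expire"] > now)
```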
