检查会话是否存在(Nginx) [英] Check the existence of a session (Nginx)

问题描述

我在PHP中有两个会话:

I have two sessions in PHP:

$_SESSION["session"]["key"] = md5 ($token . $userAgent . $ip);
$_SESSION["session"]["timeout"] = time ();

只想检查与nginx的会话，尝试了以下代码但未成功:

Just want to check that sessions with nginx, tried this code without success:

location / {
    if ($request_filename ~* "index.php") {
        break;
    }

    if ($http_cookie ~* "session") {
        break;
    }

    rewrite ^.+$ https://localhost/index.php last;
}

有任何线索吗?

谢谢.

推荐答案

cookie仅保存会话ID，因此总是在session_start();上创建一个ID，因此，如果您在脚本中调用该用户，则该用户将始终具有一个会话ID.

a cookie just holds the Session ID, an id is always created upon session_start(); so if your calling that within your script the user will always have a session id.

您最好的选择还是添加第二个Cookie:

your best bet is too add a second cookie:

setcookie('session_key',md5 ($token . $userAgent . $ip));

然后在nginx中:

if ($http_cookie ~* "session_key")
{
    break;
}

检查该cookie是否已设置.

to check if that cookie is set.

如果哈希敏感，则执行以下操作:

If the hash is sensitive then do this:

setcookie('session_key_active','1');

然后在Nginx中使用

Then in Nginx:

if ($http_cookie ~* "session_key_active")
{
    break;
}

但这仍然容易受到攻击，请始终检查服务器端值是否匹配！

But this is still vulnerable , always check server side values match!

这篇关于检查会话是否存在(Nginx)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！