有关PHP中会话的快速问题 [英] Quick question about sessions in PHP

问题描述

会话是通过session_start()启动的，我知道很多，但是要使会话持久化，它们需要一个ID.

Sessions are started via session_start(), I realize that much, but to make sessions persistent, they need an ID.

现在，php.ini文件具有一个设置:

Now, the php.ini file has a setting:

session.use_cookies = 1

因此，我不必传递ID.但是还有另一种设置:

So I don't have to pass the ID around. But there's another setting:

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

我是否理解，如果我实施此操作并转到我的网站，登录，执行我想做的事，关闭浏览器，然后过一会儿再启动它，那我就不再登录了.回到我的网站?

Am I to understand that if I implement this and go to my website, login, do what I wanna do, shut the browser down and start it again some time later, that I won't be logged in anymore when I go back to my site?

因此要保持登录状态，我必须将其与客户端Cookie结合使用.

So to stay logged in, I will have to combine this with client-side cookies.

我猜我将需要2个数据库字段.会话ID为1，我给cookie的ID为1.

I'm guessing I'll need 2 database fields. 1 for the sessions ID, 1 for the ID I give to the cookie.

推荐答案

不会，您将不再登录.

在这里查看我的答案: http://www.drupal.org/node/31506 ，了解有关任务分散的更多信息(如果您希望在一段时间后让人们退出).可能会对您有帮助.

See my answer here: How do I Keep a user logged in for 2 weeks? (See http://www.drupal.org/node/31506 for more information about sheduled tasks, if you want people to be signed out after an amount of time). It might help you.

检查用户代理字符串(仅出于安全性考虑.如果黑客以某种方式发现了密钥...他可以发送伪造的cookie并自动登录.对于一次切换浏览器的人，他们可以复制Cookie后再次登录.但是，这对于不停更改或更新浏览器的人来说是一场灾难.

Check the user agent string (just for security. If an hacker found out a key in some way... he can send a fake cookie and be logged in automatically. For people who switch a browser one time, they can just sign in again once after copying cookies. However, this would be a disaster for people who change or update browser nonstop).

这篇关于有关PHP中会话的快速问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！