会话永远不会过期 [英] Session should never expire by itself

问题描述

我正在使用会话在我的站点中使用登录功能. 无论用户是否注销，此会话都将在几分钟后过期. 现在我想要的是，会话应该仅在用户注销时过期.如果用户未注销其帐户，但在2-3天后又回来了，那么即使那样，他也应该显示为已登录.

I'm using login function in my site with session. This session of mine gets expired after a few minutes irrespective of whether the user has logged out or not. Now what I want is that the session should only get expired when a user logs out. If a user doesn't log out his account and then comes back after 2-3 days, even then he should appear logged in.

我找到了一些示例，这些示例增加了会话过期的时间，但我希望该会话仅在用户退出登录事件时才过期，而与用户退出登录所花费的时间无关.

I have found some examples where they have increased the time for a session to expire but I want that it should only expire on the log out event by the user irrespective of the time he took to log out.

我该怎么做?

尤其是这样做正确的方法吗?

In particular, is this the right way to do so?

session_cache_expire(0);
session_start();

推荐答案

在这种情况下，经常使用的解决方案是:

A solution that is often used, in this situation, is to:

• 会话持续时间不太长:如果用户不活跃，会话将过期(这就是它的工作方式-如果您有很多用户，这对您的服务器会更好)
• 用户登录时，您设置一个cookie，其中包含识别该用户所需的内容
• 如果他返回该站点(使用cookie，并且没有活动会话)，则可以使用该cookie中包含的信息来自动登录他，同时重新创建会话.

这种方式:

• 您没有没有充分理由的数千个活动"会话
• 您保持会话工作的标准方式

至少从用户的角度来看，您具有永不注销"的优势.

And you have the advantage of "never being logged out", at least from the user's point of view.

还要注意，对于普通"会话，当用户关闭浏览器时，包含会话ID的cookie将被删除-因此，无论会话的生存时间有多长，他都将被断开连接.
通过我建议的解决方案，您是谁设置cookie应该在用户计算机上保留多长时间；-)

Also note that with "normal" sessions, the cookie containing the session id will be deleted when the user closes his browser -- so, he will be disconnected, no matter how long the session's lifetime is.
With the solution I propose, you are the one who sets up how long the cookie should remain on the user's computer ;-)

不过，这意味着，当用户手动注销时，您当然必须同时删除其会话和cookie-因此，不会立即重新登录.

It means, though, that when a user manually logs-out, you have to delete both his session and the cookie, of course -- so he's not immediatly re-auto-logged-in.

当然，您必须注意在cookie中设置的内容:cookie不太安全，因此不要在其中存储密码，例如;-)

Of course, you have to be careful about what you set in the cookie: a cookie is not quite secure, so don't store a password in it, for instance ;-)

实际上，这种做事方式就是记住我"功能经常起作用的方式.除非，在这里，您的用户无需选中复选框即可激活记住我";-)

Actually, this way of doing things is how the "remember me" feature often works; except, here, your users will not have to check a checkbox to activate "remember me" ;-)

如果您没有时间开发这种东西，那么一种快速而又肮脏的方法是在所有页面上使用一些Ajax请求，这只会在服务器上"ping" PHP页面–这将使会话活动(但这不是一种很好的处理方式:服务器上仍然有很多会话，您将有很多无用的请求...并且仅在用户不工作的情况下才有效)关闭他的浏览器).

If you don't have the time to develop that kind of stuff, a pretty quick and dirty way is to use some Ajax request on all your pages, that will just "ping" a PHP page on the server -- this will keep the session active (but it's not quite a good way of doing things: you'll still have LOTS of sessions on the server, you'll have lots of useless requests... and it will only work as long as the user doesn't close his browser).

这篇关于会话永远不会过期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！