在PHP $ _SESSION中存储数据是否不安全? [英] Is storing data in PHP $_SESSION insecure?

问题描述

据我了解，PHP进程不像应用程序服务器进程那样运行.因此，在执行脚本之后，PHP进程将不保留任何用户特定的数据.而是将它们存储在用户的Cookie中.因此，无论我们存储在$_SESSSION中的什么内容，都会进入Cookie.这是真的?如果是，那么它们是以明文形式存储还是经过某种编码或加密?

As per my understanding, PHP processes doesn't behave as application server process. So, after the execution of a script the PHP process retains no user specific data. It instead stores them in the user's cookie. So whatever we store in $_SESSSION goes into cookies. Is this true? If yes then are they stored in clear text or some encoding or encryption is done?

推荐答案

不，会话cookie唯一涉及的是会话的ID，即随机的字母数字字符串.所有会话数据都存储在服务器上的文件中(使用默认会话处理程序，尽管您可以覆盖将数据存储在任何位置/任何方式).

No, the only thing that goes into the session cookie is the ID of the session - a random alphanumeric string. All the session data is stored on the server in a file (using the default session handler, though you can override to store the data anywhere/any way you want).

这篇关于在PHP $ _SESSION中存储数据是否不安全?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！