如何将codeigniter的会话系统与$ _SESSION内置的PHP分开? [英] How are codeigniter's session system separated with PHP's built in $_SESSION?
问题描述
如手册所述:
注意:Session类不使用本机PHP会话.它 生成自己的会话数据,从而为 开发人员.
Note: The Session class does not utilize native PHP sessions. It generates its own session data, offering more flexibility for developers.
但是当我使用$this->session->set_userdata(array('sample_key' => 'sample_value'));存储一些数据时,在phpinfo()中我可以在其中找到sample_key和sample_value.
But when I store some data using $this->session->set_userdata(array('sample_key' => 'sample_value'));, in phpinfo() I can find sample_key and sample_value in that.
我希望这部分
不利用本地PHP会话
does not utilize native PHP sessions
意味着它隐藏了phpinfo()中的会话变量.
to be meaning that it hides the session variables from phpinfo().
我一直认为这可能是安全方面的不足.可以吗?
I'd always thought that it might be a security lack. Could it be?
看起来,这些值是urlencode ed.
As it seems, the values are urlencodeed.
推荐答案
CodeIgniter的会话"仅将数据存储在cookie中,并将其称为会话.本机PHP会话将数据存储在服务器上,并将"sessionID"存储在cookie中.
CodeIgniter's "session" just stores the data in a cookie, and calls it a session. Native PHP sessions store the data on the server, and a "sessionID" in a cookie.
在phpinfo中,您可以看到变量,但是在您的会话中,看不到其他用户的会话.
In phpinfo, you can see the variables, but it's your session, you can't see another user's session.
这篇关于如何将codeigniter的会话系统与$ _SESSION内置的PHP分开?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
