PHP Restrict Access To Admin Page Unless Logged In


Problem description


I've been thinking about methods for restricting access to an admin page. One of them was using sessions and using the next code section in the admin page:

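// Redirect anyone without the admin session flag back to the index page.
if (!isset($_SESSION['is_admin'])) {
  header('Location: index.php');
  exit; // stop here so the rest of the admin page is never rendered
}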


I'd like to know if there's another method for doing it, which is considered more secure. Every new point of view towards this issue will be considered helpful, thanks in advance.

Recommended answer


Sessions are secure enough (if used properly); what you're doing will be fine for 99% of the time. However, there are other things you can look into, like cookies, which work like sessions but are stored on the user's computer and expire at a certain date. Cookies are cool because they don't expire when the browser is closed, so be careful what you store in them. Another thing to consider is SSL. If security is your concern you can secure session data with an SSL certificate. Another thing you could do is password protect an entire directory with Apache or whatever server you're using.
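
One way the `is_admin` session check from the question can be hardened, shown as an added example that is not part of the original question or answer. The function names, the `last_seen` key and the 15-minute idle limit are assumptions; it requires PHP 7.3+ and a site served over HTTPS.

```php
<?php
// Added example: hardened session gate for an admin page.
// Names and the idle limit below are illustrative assumptions, not from the post.

const ADMIN_IDLE_LIMIT = 900; // seconds of inactivity before re-login (assumed value)

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept the session ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,     // only sent over HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Strict', // not sent on cross-site requests
    ]);
    session_start();
}

// Call once, right after the password check succeeds.
function mark_admin_logged_in(): void
{
    start_secure_session();
    session_regenerate_id(true); // new ID on privilege change (session fixation defence)
    $_SESSION['is_admin']  = true;
    $_SESSION['last_seen'] = time();
}

// Call at the top of every admin page, before any output is sent.
function require_admin(string $redirect = 'index.php'): void
{
    start_secure_session();
    // Strict comparison: a flag that is set but false (or any non-true value) does not pass.
    $isAdmin = ($_SESSION['is_admin'] ?? false) === true;
    $fresh   = (time() - ($_SESSION['last_seen'] ?? 0)) <= ADMIN_IDLE_LIMIT;
    if (!$isAdmin || !$fresh) {
        $_SESSION = [];          // drop stale state before redirecting
        header('Location: ' . $redirect);
        exit;                    // never fall through to the admin content
    }
    $_SESSION['last_seen'] = time();
}
```

Each admin page then starts with `require_admin();` in place of the inline `isset` check.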
