相同的会话,不同的浏览器 [英] Same Session, Different Browser
问题描述
我在用户会话中存储积极变化的数据,这要求用户保持一致性,即使他们使用其他浏览器或 PC 登录并最终获得新的PHP 生成的 session_id
I'm storing actively changing data in user sessions, which requires consistency for the user even if they log in with another browser or PC and end up with a new PHP-generated session_id
为了解决这个问题(以及其他原因),我将用户名和 session_id 数据对存储在一个维护的专用数据库中,然后在 session_start() 之后做一些类似(简化)的事情:
To counter this issue (and for other reasons) I store a username and session_id data pair in a maintained dedicated database, then after session_start() do something like (simplified):
$saved_sessid=$db->querySingle("SELECT sessid FROM sessions WHERE user = '".$user."'");
if(!empty($saved_sessid)){
session_write_close();//dump newly generated session
session_id($saved_sessid);//apply database-saved session_id
session_start();//launch the already existing user session
}
这是否会像预期的那样工作以确保特定用户(基于登录的用户名)只有特定的 PHP 会话,或者是否会导致任何不可预见的问题,可能与安全相关的问题?我一直无法找到类似的案例或自己足够可靠地测试它,并且可以通过一些更有经验的输入来完成
Would this work as might be expected to make sure a particular user (based on logged in username) only has a particular PHP session or might it cause any unforseen issues, potentially security-related ones? I've been unable to find similar cases or test it reliably enough on my own and could do with some more experienced input
推荐答案
正如 Xuzrus 和 nogad 所评论的,本质上是在回答问题",您的方法将在没有任何添加不可预见的后果的情况下起作用,至少没有直接地.存储在 session_start() 和 session_write_close() 之间删除的会话中的任何数据当然都会丢失(我猜你已经预料到了),但新的用户实例会然后与已保存"会话的数据共享",两个访问点"通常由 php 在队列中处理,就好像只是不同的页面
as Xuzrus and nogad commented, essentially answering the "question", your method would work without any added unforeseen consequences, at least none directly. any data stored in the dropped session between session_start() and session_write_close() will of course be lost (i'm guessing you expected that), but the new user instance will then be "shared" with the "saved" session's data, with both "access points" processed in queue by php normally as if simply different pages
如果您使用多个 php 实例(多线程),我不确定,但我认为 php 将会话文件锁定在/tmp 中会使两个客户端都希望同时使用会话等待的风险行以完成正在进行的处理,但需要对此进行确认
if you're using multiple instances of php (multithreading) i'm not sure though, i think php locking the session files in /tmp will make any risk of both clients wanting to use the session at the same time wait in line for ongoing processing to complete, but need confirmation on that
这篇关于相同的会话,不同的浏览器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
