为什么在数据库中保存会话是好的保存？ [英] Why is it good save to save sessions in the database?

问题描述

我已经看到codeigniter有能力在数据库中保存会话值。

它说在数据库中保存会话是好的安全实践。

I have seen that codeigniter have facility to save session values in database.
It says saving session in database is good security practice.

但我认为在数据库中保存会话有助于提高性能。

它们只保存会话的一些元素，例如

But I think saving session in database helps to improve performance.
They save only few elements of the session, such as

CREATE TABLE IF NOT EXISTS  'ci_sessions' (
  session_id varchar(40) DEFAULT '0' NOT NULL,
  ip_address varchar(16) DEFAULT '0' NOT NULL,
  user_agent varchar(50) NOT NULL,
  last_activity int(10) unsigned DEFAULT 0 NOT NULL,
  user_data text NOT NULL,
  PRIMARY KEY (session_id)
);

但是如果一个网站使用更多的会话变量，如用户名，最后登录时间等，他们在数据库中并在程序中使用它们。

But if a site use more session variable such as username, last logging time, etc, can I save them in database and use them in the program.

如果是，我必须将这些coloum添加到同一个表中吗？\\
我认为在数据库中保存会话只有帮助减少web服务器的内存

If yes, do I have to add these coloum to same table?
I think saving session in database helps only to reduce web servers's memory usage (RAM).
And can anybody explain in what sense it does improve security.

推荐答案

使用（RAM）它不会以任何方式提高安全性。

It doesn't improve security in any way.

在数据库中存储会话的最常见和合理的模式是当您有多个前端服务器时，因此您需要一个共享会话

The most common and reasonable pattern to store sessions in database is when you have several frontend servers, so you need a shared session storage for them.

对于downvoters：文件系统中的文件不比数据库中的记录安全。

For downvoters: a file in filesystem isn't less secured than a record in database.

这篇关于为什么在数据库中保存会话是好的保存？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！