为什么codeigniter将其sessiondata存储在cookie中? [英] Why does codeigniter store its sessiondata in a cookie?
问题描述
Codeigniter为什么要这样做?我的意思是不是很不安全,如果用户可以看到哪些数据存储在他们的会话?而且如果他们改变cookie中的值呢?
这是用户的数据。如果他们想改变它...那么什么?我不知道它是不安全。
您可以加密会话数据,或使用数据库进行会话数据完整性验证。 p>
对于值得的,似乎不使用本机PHP会话。文档声称,这为开发人员提供了更多的灵活性,但考虑到页面上列出的警告,我不能想象如何。
Why does Codeigniter do this? I mean isn't it very insecure if users can see which data is stored in their session? And and what if they change a value in the cookie?
Well, it's data about the user. If they want to change it... so what? I don't see how it's "insecure".
You can encrypt session data, or use databases for session data integrity verification.
The documentation is your friend; use it.
For what it's worth, it does seem daft that native PHP sessions aren't used. The documentation claims that this offers "more flexibility" to developers, but given the caveats listed on that page, I can't imagine how.
这篇关于为什么codeigniter将其sessiondata存储在cookie中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!