PHP Sessions with disabled cookies, does it work?


Question

Today I had a Skype interview for a job as a PHP developer; one of the questions asked was about cookies and PHP sessions.

The question was: can a PHP session be set, read and used if cookies are disabled in the user's browser?

I told them no, because PHP sessions by default depend on setting a session cookie. When a PHP session starts, a new session cookie is set with the default name PHPSESSID, and that cookie holds the value of that session id, for example: ftu63d8al491s5gatuobj39gk7. Then on the Apache server, in the tmp folder, the file sess_ftu63d8al491s5gatuobj39gk7 is created and it holds the content of that session, for example: test1|s:12:"SessionTest1";test2|s:12:"SessionTest2";

They told me that's not true, and that you can use PHP sessions even if the user disables cookies in his browser.

Then I told them that you can do that, but then the session id would be passed through the URL as a GET variable. And that's not secure, and you must set it up in php.ini.

They were talking about how you can use PHP sessions even if cookies are disabled in the browser. And what if we are building a web shop, and some granny uses our web shop and disables cookies and she just doesn't care. And that PHP sessions are great because you can use them even if the user disables cookies. I was like wtf, wtf wtf?!?!

I made a test with two files: index.php starts the session and sets session variables. And then session.php tries to read those session variables.

This is how it looks:

index.php

<?php

    // Start the session before any output so the session cookie header can still be sent.
    session_start();
    $_SESSION['test1'] = "SessionTest1";
    $_SESSION['test2'] = "SessionTest2";

?>

<p>This is where I start and set php sessions.</p>

<p>This is a link, that starts new HTTP Request, and tries to read session set on this page:</p>
<p><a href="session.php">Read Session</a></p>

session.php


<?php

    session_start();
    var_export($_SESSION);

?>

<p><a href="index.php">Back</a></p>

Now, if you enable cookies in your browser, visit index.php, and then visit session.php, the session would be printed out.

But if you clear your browser history and cookies, and then visit index.php, and then visit session.php, you would see an empty array, right?

So basically my question is, am I right? Can you use PHP sessions if you disable cookies in your browser? And does the PHP session mechanism, by default, depend on setting a session cookie?

Update: I was going mad about this, so I called back the guy I was talking with, and asked him: can a PHP session work without cookies by default? The guy said "yes". Then I told him he is wrong and he said: "yes, yes, if you say so..." and started laughing. Then I told him, ok, if a PHP session can work without setting a cookie, how would the server know the current user/browser session id, if it's not stored in a session cookie? (I wanted to see if he knows that the session id can be passed as a GET variable.) And he was quiet for at least 20s, and told me that he is a System Administrator, and that I should ask the Developer guy that. And that he is 43 years old and has huge experience of 13 years in the business (he started at 30? wtf?), but he trusts me on this one. And I explained to him how sessions work and that you can use them without a cookie but then the session id is passed as a GET variable, and told him I told them that in the interview, but they were telling me no, no no... :S

So basically, the guy didn't have a clue about PHP and PHP sessions, and yes, he was the one that asked me about sessions, telling me that a PHP session can work without a cookie, even when I told him it can't be done, and that there is a way to use PHP sessions without cookies but it won't work by default. He was like, no no no... At the end he told me that he was thinking that sessions can work without cookies because he, as System Admin on his servers, can never see sessions in the tmp folder?!?!?

Anyway, those guys suck at PHP, there is no way I will accept a job offer from them, and after all this I don't think they will offer me a job anyway...

Recommended answer


"A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL. "

Sessions: Introduction
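
An added example (not code from the original question or answer) of the point made in both the question and the quoted manual sentence: it classifies the php.ini directives that decide whether the session id travels in a cookie or in the URL, and flags the URL case. The directive names are PHP's own; the two configurations are constructed samples.

```php
<?php
// Added example, not part of the original post or answer. The array keys are
// real php.ini directive names; the two sample configurations are constructed.

/** Describe how the session id travels under the given directive values. */
function session_transport(array $ini): array
{
    $on = fn(string $key, bool $default): bool =>
        filter_var($ini[$key] ?? $default, FILTER_VALIDATE_BOOLEAN);

    $useCookies  = $on('session.use_cookies', true);
    $onlyCookies = $on('session.use_only_cookies', true);
    $transSid    = $on('session.use_trans_sid', false);
    $strict      = $on('session.use_strict_mode', false);

    $urlAccepted = !$onlyCookies;              // id is read from GET/POST when no cookie arrives
    $urlEmitted  = $transSid && !$onlyCookies; // PHP rewrites relative links to carry the id

    $findings = [];
    if ($urlAccepted) {
        $findings[] = 'id accepted from the URL: it can leak via shared links, bookmarks, Referer and logs';
    }
    if ($urlAccepted && !$strict) {
        $findings[] = 'use_strict_mode is off: an id the server never issued is adopted as-is';
    }
    if (!$useCookies && !$urlEmitted) {
        $findings[] = 'no automatic transport: each request gets a new, empty session';
    }
    return ['works_without_cookies' => $urlEmitted, 'findings' => $findings];
}

$samples = [ // constructed configurations
    'PHP defaults' => [
        'session.use_cookies' => '1', 'session.use_only_cookies' => '1',
        'session.use_trans_sid' => '0', 'session.use_strict_mode' => '0',
    ],
    'URL propagation switched on' => [
        'session.use_cookies' => '1', 'session.use_only_cookies' => '0',
        'session.use_trans_sid' => '1', 'session.use_strict_mode' => '0',
    ],
];

foreach ($samples as $name => $ini) {
    $report = session_transport($ini);
    printf("%s: session survives without cookies? %s\n", $name, $report['works_without_cookies'] ? 'yes' : 'no');
    foreach ($report['findings'] as $finding) {
        echo "  - $finding\n";
    }
}
```

To audit a live server instead of the samples, build the array from ini_get() for the same four directive names.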
