使用Twitter登录,并保持登录状态(PHP) [英] Sign in with Twitter, and stay signed in (PHP)
问题描述
我正在创建一个网站,用户需要注册参加。我在截止日期,我不想真正想写一个完整的用户注册/登录系统,所以我想我会让Twitter API处理它。我已经注册了一个与Twitter的应用程序,我有适当的PHP代码,以允许用户登录并允许访问我的应用程序。事情是,我不希望用户每次访问网站时都必须登录,我想实现一个保持登录选项,我只是无法确定如何做。 / p>
我可以简单地将oauth_token和oauth_token_secret存储在cookie中,并且每次有人访问网站时只需读取cookie。这些cookie值的存在(或不存在)将确定该人是否被授权使用twitter。当然,这是一个简单的方法,如果用户决定使用cookie,可能会发生错误。
另一种方法是在cookie中只存储oauth_token ,并在我的数据库中保存oauth_token和oauth_token_secret。当用户访问时,我检查cookie值,如果它存在,我检查数据库匹配的值并获取秘密令牌,但如果用户曾经获得他人的oauth_token密钥,情况可能会出错。 p>
最后一个选项是在数据库中存储令牌和token_secret,并生成一个唯一的随机值,或者对它进行一些任意操作,以进一步隐藏它,也许md5 )它,并将该值存储在cookie和数据库中。
当然,我真的不知道这种事情,这就是为什么我选择不写我自己的用户系统。基本上我只是不想让用户每次都必须登录(或者甚至必须每次点击使用Twitter登录链接)。如果他们已经登录,并且已经批准我的应用程序访问其帐户,我希望他们能够访问该网站并让其记住它们。
保持登录部分可以由您处理。你让用户第一次通过twitter登录,然后设置一个cookie。以后你检查一下是否设置了一个cookie,如果是这样,使用它来自动登录用户和失败的提供twitter登录。
您不需要强制twitter执行保留记录。
I'm creating a site where users will need to register to participate. I'm on a deadline, and I don't really want to write an entire user registration / login system, so I'm thinking I'll let the Twitter API handle it. I've registered an application with Twitter and I've got the proper PHP code to allow users to sign in and allow access to my application. The thing is, I don't want users to have to log in every time they visit the site, I'd like to implement a "stay signed in" option, I'm just having trouble figuring out how to do it.
I could simply store the oauth_token and oauth_token_secret in a cookie and simply read the cookie every time someone visits the site. The existence (or absence) of those cookie values will determine whether or not the person is authorized with twitter. Of course, this is a simple approach, and bad things could happen if users decided to mess with the cookie.
Another approach would be to store only the oauth_token in the cookie, and save both the oauth_token and oauth_token_secret in my database. When the user visits, I check for the cookie value and if it's present, I check the database for a matching value and fetch the secret token, but things could still go wrong if the user ever gets ahold of someone else's oauth_token key.
The final option would be to store both the token and token_secret in the database and generate a unique random value, perhaps do some arbitrary operations on it to further obscure it, maybe md5() it, and store THAT value in the cookie and also in the database.
Of course, I really know nothing about this kind of thing, which is why I opted to not write my own user system. Basically I just don't want the user to have to sign in every time (or even to have to click the "Sign in with Twitter" link every time). If they're already signed in and have already approved my application to access their account, I want them to be able to visit the site and have it remember them. What would be the best way to do this?
The "stay logged in" part could be handled by you. You get the user to login via twitter the first time and then set a cookie. In future you check to see if a cookie is set and if so use that to auto-login the user and failing that offer twitter for login.
You don't need to force twitter to do the stay-logged in part.
这篇关于使用Twitter登录,并保持登录状态(PHP)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
