PHP Sessions 登录并记住我
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12091951/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP Sessions Login with remember me
提问by Exoon
Ive got a PHP Registration/Login system using PHP Sessions which is working perfectly, I want the user to be able to tick remember me and then they stay logged in forever or at least a week or something.
我有一个使用 PHP Sessions 的 PHP 注册/登录系统,它运行良好,我希望用户能够记住我,然后他们永远保持登录状态,或者至少保持一个星期左右的状态。
Im guessing I need to store a cookie and check, I was confused at what I actually need to store in the cookie. If I store the userid or username then can't someone just use a fake cookie to look at another users data?
我猜我需要存储一个 cookie 并检查,我对我实际需要在 cookie 中存储的内容感到困惑。如果我存储用户 ID 或用户名,那么有人不能使用假 cookie 来查看其他用户的数据吗?
Any advance is appreciated.
任何进展表示赞赏。
采纳答案by Julien
Small example that I often use
我经常使用的小例子
function setSession($username,$password,$cookie=null){
// Other code for login ($_POST[]....)
// $row is result of your sql query
$values = array($username,$this->obscure($password),$row['id']);
$session = implode(",",$values);
// check if cookie is enable for login
if($cookie=='on'){
setcookie("your_cookie_name", $session, time()+60*60*24*100,'/');
} else {
$_SESSION["your_session_name"] = $session;
}
}
回答by Luke
All you need to do is extend the PHP session cookie. The following example extends the cookie by 30 days:
您需要做的就是扩展 PHP 会话 cookie。以下示例将 cookie 延长 30 天:
$params = session_get_cookie_params();
setcookie(session_name(), $_COOKIE[session_name()], time() + 60*60*24*30, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
I think by your security question you are just concerned about putting values which can be easily hacked. PHP session cookies have a random value and store its contents on the file system so you should be fine.
我认为通过您的安全问题,您只是担心放置很容易被黑客入侵的值。PHP 会话 cookie 有一个随机值并将其内容存储在文件系统上,所以你应该没问题。
回答by Gustonez
After successful login do:
登录成功后执行:
$_SESSION['user_is_loggedin'] = 1;
$cookiehash = md5(sha1(username . user_ip));
setcookie("uname",$cookiehash,time()+3600*24*365,'/','.yoursite.com');
store in sql:
存储在sql中:
$sql = "UPDATE `users` SET `login_session`='$cookiehash' WHERE `user_id`='$uid'";
to check if user logged in:
检查用户是否登录:
function CheckCookieLogin() {
$uname = $_COOKIE['uname'];
if (!empty($uname)) {
$sql = "SELECT * FROM `users` WHERE `login_session`='$uname'";
$_SESSION['user_is_loggedin'] = 1;
$_SESSION['cookie'] = $uname;
// reset expiry date
setcookie("uname",$uname,time()+3600*24*365,'/','.yoursite.com');
}
}
if(!isset($_SESSION['cookie']) && empty($_SESSION['user_is_loggedin'])) {
CheckCookieLogin();
}
