Hi I have a security related question I allow users to login and register my question is when a user logs in my script just sets the session no cookies so is it safe to only rely on sessions not on cookies? or I use both the cookies and sessions?
1条回答 默认 最新
douyuefei3546 2013-03-16 06:40关注PHP sessions use cookies to track the ID of the session. Thus, it is safe, because you actually are using cookies.
It's worth noting that you should try to prevent session-hijacking - you can do this by validating the IP of the user among other things in your
$_SESSIONobject.Edit
I suggest you read this. Quote:
The session_start( ) function generates a random Session Id and stores it in a cookie on the user's computer (this is the only session information that is actually stored on the client side.) The default name for the cookie is PHPSESSID, although this can be changed in the PHP configuration files on the server (most hosting companies will leave it alone, however.) To reference the session Id in you PHP code, you would therefore reference the variable $PHPSESSID (it's a cookie name; remember that from Cookies?)
Note: stores it in a cookie
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报
分享
- 回答 1 已采纳 PHP sessions use cookies to track the ID of the session. Thus, it is safe, because you actually ar
- 2018-03-15 17:52回答 1 已采纳 Use a javascript setInterval instead. It will send timed requests to the backend to check if the s
- 2018-09-05 14:53回答 1 已采纳 Using cookies over sessions work just as well. This solved my problem.
- 2020-10-28 01:59今天帮客户配置服务器的时候运行phpmyadmin出现了“无法在发生错误时创建会话,请检查 PHP 或网站服务器日志,并正确配置 PHP 安装。”的错误,经排查原来是权限问题,大家可以参考下面的方法解决
- 2016-02-08 12:12回答 3 已采纳 desc is reserved keyword. Try with - INSERT INTO products(shopid, name, qty, price, `desc`,.....
- 2014-02-24 19:32回答 2 已采纳 You need to put session_start() at the top-side of your PHP file, outside of the checkLogin() func
- 2014-02-09 06:23回答 1 已采纳 You need to add <?php session_start(); ?> on each page in the very beginning.. So, the c
- 2020-10-28 23:19无法在发生错误时创建会话,请检查 PHP 或网站服务器日志,并正确配置 PHP 安装最快的解决办法
- 2012-03-18 20:29回答 2 已采纳 call session_start() at the top line of your every script and always have a check whether the var
- 回答 2 已采纳 I saw two vulnerabilities: 1) CSRF (using variable directly from get method ) 2) Exit not used a
- 2012-12-30 18:27回答 2 已采纳 Why not just set $_SESSION['logged_in_at'] = time() when the user logs in, then check if( time() -
- 2021-04-29 08:40仇文涛的博客 笔记内容来源于《PHP和mysql web开发》,有兴趣的可以看看这本书,一.什么是会话控制:http是一个无状态协议,说明http没有一个...在PHP4之后,PHP包含了会话控制函数,可以使用$_SESSION 超级全局变量。二.基本的会...
- 2016-10-25 08:59回答 3 已采纳 I think this is what you are trying to accomplish: if($_SESSION['user_type']=="student" || $_SESS
- 2021-04-28 08:12小陶的盐汽水的博客 原标题:PHP面试中会话控制的内容介绍一、sessionPHP的会话也称为Session。PHP在操作Session时,当用户登录或访问一些初始页面时服务器会为客户端分配一个SessionID。SessionID是一个加密的随机数字,在Session的...
- 2021-05-08 19:03键盘侠·伍德的博客 会话技术初步认识会话技术介绍web会话可简单理解为:用户开一个浏览器,访问某一个web站点,在这个站点点击多个超链接,访问服务器多个web资源,然后关闭浏览器,整个过程称之为一个会话。HTTP协议的特点是无状态/无...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 C++ yoloV5改写遇到的问题
- ¥20 win11修改中文用户名路径
- ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入
- ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
- ¥70 PlayWright在Java上连接CDP关联本地Chrome启动失败,貌似是Windows端口转发问题
- ¥15 帮我写一个c++工程
- ¥30 Eclipse官网打不开,官网首页进不去,显示无法访问此页面,求解决方法
- ¥15 关于smbclient 库的使用
- ¥15 微信小程序协议怎么写
- ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?