duanlinpi0265 2018-05-19 15:15
浏览 82
已采纳

PHP MySQL使用两个SESSION提交

I have a webshop, user will buy something When the user visit the my web, their data will be saved temporarly in a variable $user as an array It will be checked when the user buy something, if their balance is more or equal to the things that they want to buy, but the problem arise when there are some users that try to use two browsers to buy things at the same times, their balance just cut once (it should be twice, since they buy it twice using two browsers)

I know I can just update the $user variable before checking, but I will have to run another query to MySQL, and there is many orders ...

Is there any SQL syntax that can be used to prevent this kind of attack? for checking their balance and make sure it's correct

  • 写回答

1条回答 默认 最新

  • dongpu4141 2018-05-19 15:43
    关注

    Based on your current setup (ie using a variable):

    Someone using two browser on the same site trying to use up their balance is going to be fairly rare, with most cases someone trying to game your system.

    Just finally check their balance at the point of processing the order and if ok allow it, otherwise don't. For those doing it by accident (which is rare), they'll soon realise the error.

    An alternative:

    It'd be better to check the real data rather than a variable which isn't reliable and has to be forced to be persistent, and as you know not available in different sessions.

    I think a better way would be to use some fast centralised persistent storage like Redis (fairly easy to learn, essentially it's an array stored in memory). You can then store their username (or whatever uniquely IDs them) and while they may have different keys across the two browsers, there will be a common unique ID and you can update their credit value in both (all) sessions by searching for the unique ID.

    Then whatever browser that user is logged in to will be updated same as other browsers.

    Maybe a better idea:
    Unless your application needs it, don't let people log in to different browsers/devices. When they try to login, state "already logged in on another place, want to log that one our and log in here?" etc

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度