douzhu1188 2014-06-26 02:38
浏览 34
已采纳

PHP套接字 - 存储用户登录

Hey there I'm trying to implement a PHP Socket service which is used for a simple shoutbox. This shoutbox has a simple login form and a authentication system which is based of sessions.

When the user logins a post requests gets made comparing the values with the database and if they are valid then create a session under that user.

Since these sessions would be stored on the clients computer I was wondering how the PHP Socket would be able to obtain these when it's running on the server. So the PHP Socket would be running on the server and try to obtain the session from the server but the session is stored on the users PC on login.

I already have the shoutbox running in PHP and HTML5 Sockets the only issue is the login step which I'm not entirely sure how to do.

  • 写回答

1条回答 默认 最新

  • drn61317 2014-06-26 03:34
    关注

    Info:

    • Cookies are stored in browser, but sessions are always stored on the server.

    In this case you could store the session ID in a database and pass it along to the socket call, which can verify it from the database.

    Issues with login on web (http) and using session within socket

    • passing session ID from http to socket could be also reused on another computer and then fake a successful login.
    • login on http expires after a certain time, which does not mean that socket connection has ended
    • ending socket connection does not log out from http

    Secure approach

    • pass username and password on first call within socket to login securely. Since socket remains open the user is authenticated and you dont need to pass any session.
    • once socket closes session will also close
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 阿里云python代码求解
  • ¥20 有人知道这种图怎么画吗?
  • ¥15 pyqt6如何引用qrc文件加载里面的的资源
  • ¥15 安卓JNI项目使用lua上的问题
  • ¥20 RL+GNN解决人员排班问题时梯度消失
  • ¥15 统计大规模图中的完全子图问题
  • ¥15 使用LM2596制作降压电路,一个能运行,一个不能
  • ¥60 要数控稳压电源测试数据
  • ¥15 能帮我写下这个编程吗
  • ¥15 ikuai客户端l2tp协议链接报终止15信号和无法将p.p.p6转换为我的l2tp线路