dounei5721 2015-08-27 14:09
浏览 39
已采纳

如何在phpmyadmin中将会话ID存储为外键

I have stores a unique session id in session when user logged in using session_regenerate_id() funciton . Every time user gets loged in in my website he will get a fresh session id.

now i want to save some of his data in a db table. I want to know how should i store data so that the new table gets foreign key from the user id of main table. Because i want to relate that information with the user id that is stored in main table. I dont want to store main table ID column in session as user_id because of security. Please all you big developers suggest me a good way in core PHP instead of frameworks.

Developers Will easily understand what i want to ask . I am a bit new :)

THANKS so much Faysal

  • 写回答

1条回答 默认 最新

  • doufen3091 2015-08-27 15:03
    关注

    When using session, a random string is generated to identify a user - this string is called session ID. Session ID is stored in cookies. Cookies are sent to the web server with every request. On the server, session ID is then connected with session data.

    Attacker can't change the session data, therefore, storing a user ID in session is not a security threat.

    For cases when an attacker steals someone's session ID, for protection you can check if the user agent and IP address are the same as when session was created. If not, just destroy the session.

    To identify a user, you need to connect session with a user. Doing so through a chain of tables in database doesn't provide any security.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 基于MSP430f5529的MPU6050驱动,求出欧拉角
  • ¥20 Java-Oj-桌布的计算
  • ¥15 powerbuilder中的datawindow数据整合到新的DataWindow
  • ¥20 有人知道这种图怎么画吗?
  • ¥15 pyqt6如何引用qrc文件加载里面的的资源
  • ¥15 安卓JNI项目使用lua上的问题
  • ¥20 RL+GNN解决人员排班问题时梯度消失
  • ¥60 要数控稳压电源测试数据
  • ¥15 能帮我写下这个编程吗
  • ¥15 ikuai客户端l2tp协议链接报终止15信号和无法将p.p.p6转换为我的l2tp线路