duanniling0018 2013-03-23 01:21

Two sessions per user in PHP / Symfony2

I'm using Symfony2, but this is probably just a PHP question.

  1. Based on my understanding (please correct if I am wrong) if I set the session cookie to secure then the cookie only gets sent on secure connections. So on non-secure connections the server in fact can't remember anything based on the user visit. I just want to confirm my understanding on this.

  2. Is it possible to have two session cookies? One for all protocols to store session data that isn't secure (e.g. isn't a user authentication/login) and the second session would be secure-only and handle the login authorisation.

    I know I could set a local cookie for the odd non-secure thing, but I'm really looking at being able to use $_SESSION twice (One for all and one for https-only).

    I feel that using secure cookie is essential for user authentication/login, but I also would like to be able to have some form of session on non-secure pages too.

  3. Does Symfony2 do anything in particular as to any of this? I know it handles sessions quite well through its in-built classes, but does it do anything particular in terms of using secure cookies?


1 answer

  • dpgu5074 2013-03-23 11:47

    For (1) - Yes, you're correct

    For (2) - you can have 2 separate $_SESSION (secured and unsecured ones) communicate with each other by passing the SessionID in your query string (probably with some hash protection to avoid the naughty users). Some more information here: "Session lost when switching from HTTP to HTTPS in PHP" and "Switching between HTTP and HTTPS pages with secure session-cookie".

    As recommended in the threads, if possible, you can also make your life easier by considering making your page HTTPS.

    For (3) - I'm not an expert in Symfony2, but from a quick look through the documentation, it doesn't have any particular tool for you to use in this case, except the support for setting whether you want your cookie secured or not.

    This answer was selected as the best answer by the asker.
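
The two-session arrangement asked about in (2), sketched in plain PHP as an added example; it is not code from the question, the answer, or Symfony2. It assumes PHP 7.3 or later, keeps both session IDs in cookies, and the cookie names `SID_PUBLIC` / `SID_AUTH` and the helper functions are hypothetical.

```php
<?php
// Added example; helper names and cookie names SID_PUBLIC / SID_AUTH are hypothetical.
ini_set('session.use_strict_mode', '1');  // discard session IDs the server never issued
ini_set('session.use_only_cookies', '1'); // never read a session ID from the URL

function requestIsHttps(): bool
{
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

// Open one named session, run $fn on its data, then close it so that a
// second session can be opened later in the same request.
function withSession(string $name, bool $secureOnly, callable $fn)
{
    if ($secureOnly && !requestIsHttps()) {
        throw new RuntimeException("$name may only be opened over HTTPS");
    }
    session_name($name);
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'httponly' => true, 'samesite' => 'Lax',
        'secure' => $secureOnly, // Secure flag: browser withholds the cookie on plain HTTP
    ]);
    // The ID of a session closed earlier in this request stays set, so pick this
    // session's own ID explicitly; malformed cookie values are replaced.
    $sent = $_COOKIE[$name] ?? null;
    $valid = is_string($sent) && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $sent) === 1;
    session_id($valid ? $sent : session_create_id());
    if (!session_start()) {
        throw new RuntimeException("could not start session $name");
    }
    try {
        return $fn();
    } finally {
        session_write_close();
        $_SESSION = []; // do not leave this session's data visible to the next one
    }
}

// Any protocol: non-sensitive state only.
withSession('SID_PUBLIC', false, function () {
    $_SESSION['last_page'] = $_SERVER['REQUEST_URI'] ?? '/';
});

// HTTPS only: login state lives in the session behind the Secure cookie.
$userId = null;
if (requestIsHttps()) {
    $userId = withSession('SID_AUTH', true, function () {
        return $_SESSION['user_id'] ?? null;
    });
}
```

On a plain-HTTP request the browser does not send `SID_AUTH`, so the page can still use the `SID_PUBLIC` data but must treat the visitor as not logged in.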
