dongya2030
2014-04-25 14:48
浏览 55
已采纳

Codeigniter会话表结构

I would like to understand why CI's session table structure has these three primary keys: session_id, ip_address and user_agent.

CREATE TABLE IF NOT EXISTS  `ci_sessions` (
        session_id varchar(40) DEFAULT '0' NOT NULL,
        ip_address varchar(45) DEFAULT '0' NOT NULL,
        user_agent varchar(120) NOT NULL,
        last_activity int(10) unsigned DEFAULT 0 NOT NULL,
        user_data text NOT NULL,
        PRIMARY KEY (session_id, ip_address, user_agent),
        KEY `last_activity_idx` (`last_activity`)
);

Please explain the most you can, also, I would like to hear suggestions to improve this structure. Why are ip_address and user_agent primary_keys, not just indexes? What's the difference?

Another info, this table adds a row to every user's access to the system, so, it is very bloated.

Edit: Another question that come to mind. Why would I care about user agent match?

图片转代码服务由CSDN问答提供 功能建议

我想了解为什么CI的会话表结构有以下三个主键: session_id < / code> ip_address user_agent

  CREATE TABLE IF NOT NOT EXISTS`ci_sessions`(
 session_id varchar(40)DEFAULT'0'NOT NULL,
 ip_address varchar(45)DEFAULT'0'NOT NULL,
 user_agent varchar(120)NOT NULL  ,
 last_activity int(10)unsigned DEFAULT 0 NOT NULL,
 user_data text NOT NULL,
 PRIMARY KEY(session_id,ip_address,user_agent),
 KEY`last_activity_idx`(`last_activity`)
); 
    
 
 

请尽量解释,我也想听听改善这种结构的建议。 为什么 ip_address user_agent primary_keys,而不仅仅是索引? 有什么区别?

另一个信息是,这个表为每个用户对系统的访问添加了一行,因此,它非常臃肿。

编辑 :想到的另一个问题。 我为什么要关心用户代理匹配?

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dongsu3654 2014-04-25 14:58
    已采纳

    The idea here is that each session will be unique. How does it identify a session? By the three values in the primary key: session_id, ip_address, and user_agent.

    If you think about it, this makes sense:

    1. If the session_id changes, then (obviously) you're dealing with a different (new) session.
    2. If the ip_addess changes, then somebody's logging in from a different PC - this will be a new session.
    3. If the user_agent value changes, then somebody's using a different browser - again, this will be a new session.

    So imagine that only the session_id is the primary key: changing either ip_address or user_agent would simply update the existing row for the session_id. If that were the case, knowing only the session_id would make it possible for me to continue the same session on another PC or with a different browser, which might be a security concern.

    You also wrote "this table adds a row to every user's access to the system, so, it is very bloated". I'm not sure if you mean every time user A accesses the system it adds a row (which is false on my application, I just tested it) or if you mean it adds a row for each user accessing the system (which is true, and the way it's supposed to work - each user using the system has a session). Maybe you could clarify that last comment.

    已采纳该答案
    打赏 评论
  • duanlei2150 2014-04-25 14:58

    "primary keys" is an oxymoron. A table cannot ever have more than one "primary key". And as written up, there is only one primary key - it's just a COMPOSITE key that contains 3 separate fields.

    That means

    (42, 127.0.0.1, "Chrome")
    (42, 127.0.0.1, "Firefox")
    

    are two entirely different sessions as far as CI is concerned, even though the IP and session ID numbers are duplicates. The 3-way tuple is unique, but individual components can be duplicated.

    打赏 评论

相关推荐 更多相似问题