2014-04-25 14:48
浏览 55


I would like to understand why CI's session table structure has these three primary keys: session_id, ip_address and user_agent.

        session_id varchar(40) DEFAULT '0' NOT NULL,
        ip_address varchar(45) DEFAULT '0' NOT NULL,
        user_agent varchar(120) NOT NULL,
        last_activity int(10) unsigned DEFAULT 0 NOT NULL,
        user_data text NOT NULL,
        PRIMARY KEY (session_id, ip_address, user_agent),
        KEY `last_activity_idx` (`last_activity`)

Please explain the most you can, also, I would like to hear suggestions to improve this structure. Why are ip_address and user_agent primary_keys, not just indexes? What's the difference?

Another info, this table adds a row to every user's access to the system, so, it is very bloated.

Edit: Another question that come to mind. Why would I care about user agent match?

图片转代码服务由CSDN问答提供 功能建议

我想了解为什么CI的会话表结构有以下三个主键: session_id < / code> ip_address user_agent

 session_id varchar(40)DEFAULT'0'NOT NULL,
 ip_address varchar(45)DEFAULT'0'NOT NULL,
 user_agent varchar(120)NOT NULL  ,
 last_activity int(10)unsigned DEFAULT 0 NOT NULL,
 user_data text NOT NULL,
 PRIMARY KEY(session_id,ip_address,user_agent),

请尽量解释,我也想听听改善这种结构的建议。 为什么 ip_address user_agent primary_keys,而不仅仅是索引? 有什么区别?


编辑 :想到的另一个问题。 我为什么要关心用户代理匹配?

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dongsu3654 2014-04-25 14:58

    The idea here is that each session will be unique. How does it identify a session? By the three values in the primary key: session_id, ip_address, and user_agent.

    If you think about it, this makes sense:

    1. If the session_id changes, then (obviously) you're dealing with a different (new) session.
    2. If the ip_addess changes, then somebody's logging in from a different PC - this will be a new session.
    3. If the user_agent value changes, then somebody's using a different browser - again, this will be a new session.

    So imagine that only the session_id is the primary key: changing either ip_address or user_agent would simply update the existing row for the session_id. If that were the case, knowing only the session_id would make it possible for me to continue the same session on another PC or with a different browser, which might be a security concern.

    You also wrote "this table adds a row to every user's access to the system, so, it is very bloated". I'm not sure if you mean every time user A accesses the system it adds a row (which is false on my application, I just tested it) or if you mean it adds a row for each user accessing the system (which is true, and the way it's supposed to work - each user using the system has a session). Maybe you could clarify that last comment.

    打赏 评论
  • duanlei2150 2014-04-25 14:58

    "primary keys" is an oxymoron. A table cannot ever have more than one "primary key". And as written up, there is only one primary key - it's just a COMPOSITE key that contains 3 separate fields.

    That means

    (42,, "Chrome")
    (42,, "Firefox")

    are two entirely different sessions as far as CI is concerned, even though the IP and session ID numbers are duplicates. The 3-way tuple is unique, but individual components can be duplicated.

    打赏 评论

相关推荐 更多相似问题