douzhu1188 2014-06-26 02:38
浏览 34
已采纳

PHP套接字 - 存储用户登录

Hey there I'm trying to implement a PHP Socket service which is used for a simple shoutbox. This shoutbox has a simple login form and a authentication system which is based of sessions.

When the user logins a post requests gets made comparing the values with the database and if they are valid then create a session under that user.

Since these sessions would be stored on the clients computer I was wondering how the PHP Socket would be able to obtain these when it's running on the server. So the PHP Socket would be running on the server and try to obtain the session from the server but the session is stored on the users PC on login.

I already have the shoutbox running in PHP and HTML5 Sockets the only issue is the login step which I'm not entirely sure how to do.

  • 写回答

1条回答 默认 最新

  • drn61317 2014-06-26 03:34
    关注

    Info:

    • Cookies are stored in browser, but sessions are always stored on the server.

    In this case you could store the session ID in a database and pass it along to the socket call, which can verify it from the database.

    Issues with login on web (http) and using session within socket

    • passing session ID from http to socket could be also reused on another computer and then fake a successful login.
    • login on http expires after a certain time, which does not mean that socket connection has ended
    • ending socket connection does not log out from http

    Secure approach

    • pass username and password on first call within socket to login securely. Since socket remains open the user is authenticated and you dont need to pass any session.
    • once socket closes session will also close
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?