dpiz9879 2019-08-02 21:31
浏览 151
已采纳

PHP session_set_cookie_params()是否在用户计算机上创建可操作的cookie?

I'm creating a dashboard where I have the front end on one subdomain and the api which is in php on another subdomain. I was looking for how to preserve $_SESSION between the two and found this. So what I'm inquiring about is since cookies are stored on the users machine and I'm sending the user id to the api, would they be able to manipulate this value and browse the app as a different user assuming I use session_set_cookie_params(). So I would be using $_SESSION in the api but this native function makes me think they'd be able to change the value.

  • 写回答

1条回答 默认 最新

  • dry18813 2019-08-06 13:41
    关注

    I don't believe this method I've alluded to is of any danger (knock on wood) but I'm just going to go for the /api/ subfolder structure anyways at this point as having a separate endpoint seems to make things too spread out.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题