I'm creating a dashboard where I have the front end on one subdomain and the api which is in php on another subdomain. I was looking for how to preserve $_SESSION between the two and found this. So what I'm inquiring about is since cookies are stored on the users machine and I'm sending the user id to the api, would they be able to manipulate this value and browse the app as a different user assuming I use session_set_cookie_params(). So I would be using $_SESSION in the api but this native function makes me think they'd be able to change the value.
PHP session_set_cookie_params()是否在用户计算机上创建可操作的cookie?
- 写回答
- 好问题 0 提建议
- 关注问题
分享- 邀请回答
-
1条回答 默认 最新
- dry18813 2019-08-06 13:41关注
I don't believe this method I've alluded to is of any danger (knock on wood) but I'm just going to go for the /api/ subfolder structure anyways at this point as having a separate endpoint seems to make things too spread out.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报 分享
- 2021-05-01 11:17不吃香菜的鱼的博客 标签:php即时通讯期待更多的会议,并希望一些投入.在简单的登录表单上,一旦提交...session_set_cookie_params( time() + 600, './', 'example.co.uk', false, false);session_start();$_SESSION['TOKEN'] = TOKEN;...
- 2023-03-27 10:01快点好好学习吧的博客 通过session_set_cookie_params()函数可以设置cookie的参数,然后通过setcookie()函数将cookie发送给浏览器,从而使浏览器在后续的请求中自动发送该cookie。在PHP中,session机制通过设置session ID的cookie来识别...
- 杜客的博客 基本上它不一样.对于setcookie$value = 'something from somewhere';setcookie("TestCookie", $value);setcookie("TestCookie", $value, time()+3600); /* expire in 1 hour */setcookie("TestCookie", $value, time...
- 2022-12-29 11:36kdbshi的博客 session_set_cookie_params() 函数用于设置 session 的 lifetime(生存时间)。要使用这个函数,请按照以下步骤操作: 在 PHP 代码中包含 session_set_cookie_params() 函数。您可以通过在代码中使用以下语句来包含...
- 2021-03-23 22:09weixin_42365804的博客 If you set the session.gc_maxlifetime in .htaccess, your apache conf or use ini_set in your code, it won't work and sessions will still be destroyed after 30 minutes. That's because /usr/lib/...
- 2019-10-08 07:21diyue3206的博客 session_set_cookie_params() 函数不管刷不刷新页面,都不会改变cookie的过期时间, ...在php7.2 的环境下使用 session_set_cookie_params() 函数会提示报错,Cannot change session cookie parameters wh...
- 2019-05-14 00:25学灯的博客 session_set_cookie_params(): Cannot change session cookie parameters when session is active 报错什么鬼,就是说此时有一个处在生命周期内的“活体”,不能强行改变cookie,会被拒绝访问。 ok。。**session_...
- 2021-03-23 22:10丝竹缓离愁的博客 在一个页面设置一个cookie时,必须刷新或到下一个页面才可以用 $_COOKIE 得到变量的值.原因是因为当页面第一次被浏览器访问载入时,页面中的 cookie 会被设置,将其发送存储到客户端指定的存储位置,所以$_COOKIE没有...
- 2021-04-09 10:25weixin_39900582的博客 This function is quite handy when it comes to expiring session cookies... since Session cookies don't automatically get destroyed (see the session_destroy page).For instance, here's what I plan to use...
- 2017-04-20 10:13phphhhp的博客 Session储存于服务器端(默认以文件方式存储session),根据客户端提供的session id来得到用户的文件,取得变量的值,session id可以使用客户端的Cookie或者Http1.1协议的Query_String(就是访问的URL的“?...
- 没有解决我的问题, 去提问
