douyi4912 2015-11-04 22:56
浏览 65
已采纳

Codeigniter会话 - 同一IP地址上的多个相同计算机

I'm running across a scenario with a web app that's written in Codeigniter and uses the session library (it's Codeigniter pre-3.0, so it's perhaps the older session library).

The scenario is that this particular use case have multiple absolutely identical laptops (Chromebooks) on the same network (same external IP address) saving data with session data to mysql. How can I tell each session apart? They will all have identical user agent's, identical IP addresses, etc.

The background on this is that each user account is tied to a session and when data is saved, some users are overlapping sessions with other users, thus creating inaccurate data about what user saved what data.

Is there a way to make it more specific so the correct user is accurately detected?

  • 写回答

1条回答 默认 最新

  • doufei4418 2015-11-04 23:30
    关注

    It's possible that this is the result of a session collision, but keep in mind that the real distinguishing factor behind a session is the sessionID and not the IP or UA string. That is to say even if two users both have the same remote IP and UA string in a request where neither of them already have a session cookie in their browser, they should still each be assigned a randomly generated (hopefully unique) sessionID, thus still distinguishing their sessions.

    If you're using CI to store session in the DB there is a simple test you could do to detect whether or not a session collision has in fact occurred. In the session driver, where the session is created, check the DB table you're using for storing sessions for an existing session ID (bar matching IP/UA) against the newly generated session id by the driver and log the matching IDs.

    At least this way you'll have some indication of whether or no it's actually happening and how frequently it's happening.


    Some of the root causes for session collision is poor source of entropy (PHP uses /dev/urandom by default as of PHP 5.4, but CI may do something different); using high-collision rate hashes like md5 (try sha256 or better instead); or just having too many concurrent workers overloading the server (try lowering your php-fpm or apache prefork max children setting, for example).

    It's important to note that PHP doesn't inherently attempt to prevent session collision in general. This is mostly because such checks at runtime would be a performance cost and the expectation is that the probability of a collision occurring is rather low with good configuration (although not impossible). PHP has tons of settings for fine-tuning this in its own session manager, although codeigniter does it's own thing (and I can't be bothered to read their documentation to figure out what they do wrong to be honest).

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 宇视监控服务器无法登录
  • ¥15 PADS Logic 原理图
  • ¥15 PADS Logic 图标
  • ¥15 电脑和power bi环境都是英文如何将日期层次结构转换成英文
  • ¥15 DruidDataSource一直closing
  • ¥20 气象站点数据求取中~
  • ¥15 如何获取APP内弹出的网址链接
  • ¥15 wifi 图标不见了 不知道怎么办 上不了网 变成小地球了
  • ¥50 STM32单片机传感器读取错误
  • ¥50 power BI 从Mysql服务器导入数据,但连接进去后显示表无数据