问题描述
当你进行会话时,我知道PHP会在客户端上存储会话
令牌,但它会将会话*数据*保存在
客户端上吗,以及?
或者是会话数据存储在服务器上,只是
索引到会话令牌数据?
标准是会话数据(因此,
如果你使用FireFox作为浏览器(工具Cookie编辑器),你会看到
看到调用session_start()会创建一个cookie对于你的域名
称为PHPSESSID,一旦窗口关闭就会消失,但是可以通过在
>
服务器。然后,可以通过服务器端脚本读取此会话ID,以便每当调用页面时,
都会识别用户。
一般来说,没有数据来自此应该位于
客户端,因为这使黑客很容易打到你的服务器。如果
你真的必须在cookie中保存更多数据,请确保它们是加密的。
加密。
When you have a session going, I know that PHP stores a session
token on the client, but does it keep the session *data* on the
client, as well?
Or is the session data being stored on the server, and just
indexed to the session token data?
Standard is that ''session-data'' (So, info in
If you use FireFox as your browser (Tools Cookie Editor), you''ll
see that calling session_start() creates a cookie for your domain
called PHPSESSID, which disappears once the window is closed, but can
be made permanent by writting the ad hoc code in a PHP script on the
server. This session ID can then be read by server-side scripts to
identify the user whenever a page is called.
Generally speaking, no data appart from this should be located on the
client, as this makes it too easy for hackers to hit your server. If
you really must save more data in cookies, make sure they''re
encrypted.
这篇关于客户端会话数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!