验证PHP会话

时间:2013-10-05 00:53:37

标签: php sql session

我有这个功能,检查用户是否正确登录(一切正常)。成功响应发送此

// Success array, send back requested information for settings
$response = array(
    'status' => '1',
    'response' => array(
        'uid' => $data->id,
        'email' => $data->email,
        'username' => $data->username,
        'key' => $this->hash($data->id . $data->username . $data->email)
    )
);

$response['response']包含将要设置的所有会话变量。设置key的示例如下所示

// Returns this : 5da099bda1be066384e8574f7de198dcef014ce28e99694239d2237b7ec854aa
print $this->registry->user->hash('1','test','test@test.com');

现在可以安全地在会话变量中设置该密钥并运行这样的检查(我现在这样做):

public function authenticate_session() {
        if (isset($_SESSION) && !empty($_SESSION)) {
            if ($_SESSION['key'] !== $this->hash($_SESSION['uid'] . $_SESSION['username'] . $_SESSION['email'])) {
                return false;
            } else {
                return true;
            }
        } else {
            return false;
        }
    }

或者我应该将密钥存储在数据库中并对所述数据库运行交叉检查以检查会话是否有效?

然后我会在文件顶部检查:

<?php 
    if(!$this->registry->user->authenticate_session()) {
        $this->registry->user->end_session();
        die(header("Location: /user/login));
    }
?>

0 个答案:

没有答案
相关问题
最新问题