PHP - HTTP身份验证或$ _SESSION验证用户?

时间:2015-10-08 01:49:19

标签: php session http-authentication php-5.6

HTTP身份验证和$ _SESSION在登录表单上对用户进行身份验证有什么区别?

HTTP,

<?php
if(!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_USER'] !== 'demo' || $_SERVER['PHP_AUTH_PW'] !== 'demo') {

    header("WWW-Authenticate: Basic realm=\"Secure Page\"");
    header("HTTP\ 1.0 401 Unauthorized");
    echo 'No soup for you';
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Basic HTTP Authentication</title>
</head>
<body>

<h1>Secure Page</h1>

<p>This is a page with secure content...</p>

</body>
</html>

SESSION,

ession_start();
if( isset($_POST['username']) && isset($_POST['password']) )
{
    if( auth($_POST['username'], $_POST['password']) )
    {
        // auth okay, setup session
        $_SESSION['user'] = $_POST['username'];
        // redirect to required page
        header( "Location: index.php" );
     } else {
        // didn't auth go back to loginform
        header( "Location: loginform.html" );
     }
 } else {
     // username and password not given so go back to login
     header( "Location: loginform.html" );
 }

哪一个更安全?

1 个答案:

答案 0 :(得分:0)

我会选择PHP版本,因为它更安全,更容易使用。

相关问题
最新问题