所以,这有效,但我担心跨站点请求伪造,这是否足以防止它出现?也许还有更好的方法吗?
$userCookie = password_hash($_GET['username'], PASSWORD_DEFAULT);
if(isset($_GET['remeberMe'])){
$year = time() + 31536000;
setcookie('remember_me', $userCookie, $year);
if($_GET['remeberMe']) {
setcookie('remember_me', $userCookie, $year);
}
elseif(!$_GET['remeberMe']) {
if(isset($_COOKIE['remember_me'])) {
$past = time() - 100;
setcookie(remember_me, gone, $past);
}
}
}