I am developing a web application with CodeIgniter.
The application has a login page: I want to prevent two people from entering the same credentials at the same time. To do this, I want to store in my database the value obtained from the function session_id(). This way, on every page I can check whether the user has the same session_id as the one stored in the database, and if not, he is logged out. This solution seemed to work (I tried it with two browsers), but it seems that the value returned by session_id() changes over time.
What am I doing wrong? Doesn't session_id() (explained here) keep the same value for the whole session?
Is there a better way to achieve this?
Thanks in advance, and sorry for my imperfect English.
Answer 0 (score: 2)
Yes, the session is tied to where and when you logged in, not to the user logging in many times in your app, so at least I solved this problem by taking into account:
config['sess_match_ip']
How to apply these considerations:
A user trying to log in is usually a form posting the username and password:
    function logIn()
    {
        $user = $this->input->post('username');
        $pass = $this->input->post('pass');
        $authenticated = $this->SomeModelToLogin->logInFunction($user, $pass);
        // It depends on what you prefer, but in the function that asks the db
        // whether the user exists, hash the password and set the session there;
        // if not, set it here: "first name", "last name", "data you may need", etc.
    }
The login function:
    function logInFunction($username, $password)
    {
        // You can save a timestamp in the database when the user logs in
        // and ask for that time later as a "last_log_in_time",
        // or also use the session_id: if you are storing session_id()
        // in your database you can compare it every time the person logs in
        // or is using your application.
        // Here, something like this (query bindings, so the values are escaped
        // by the driver instead of being interpolated into the SQL string):
        $dataReturned = $this->db
            ->query('SELECT * FROM USER WHERE username = ?', array($username))
            ->row_array();
        // Compare against the stored password hash, never a plaintext column.
        if (empty($dataReturned) || !password_verify($password, $dataReturned['pass'])) {
            return FALSE;
        }
        $this->session->nameOfTheUser = $dataReturned['name'];
        // ...
        $this->session->setOtherStuff = $dataReturned['some_stuff'];
        // So he exists, but is he logged in?
        // At some point you are saving the session_id to the row of the user,
        // then you can ask the database:
        $question = $this->db->select()
            ->from('USER')
            ->where('session_id', session_id())
            ->get()->num_rows();
        // Now you decide whether you want to destroy the session, update it, whatever.
        // But you must check this every time the user is using the application;
        // if not, he can just set the session and skip the login page, and well,
        // he can use the app.
        // So try to make a function that checks if the session_id matches one in the
        // database and call it in the constructor of every controller; if it does
        // not match, just:
        /**
        $this->session->unset_userdata();
        $this->session->unset_userdata('is_client_login');
        $this->session->sess_destroy();
        $this->output->set_header("Cache-Control: no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0");
        $this->output->set_header("Pragma: no-cache");
        redirect(base_url());
        */
        return TRUE;
    }
PS: I'll edit the answer when I get home; I know I didn't take care of dots, order and such (I hate the phone keyboard).
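An added example of the "check it in the constructor of every controller" approach from the answer, written for CodeIgniter 3 as a base controller. It is not code from the original question or answer. It assumes a `users` table with `id`, `username`, `password_hash` and a nullable `login_token` column, the file living at `application/core/MY_Controller.php`, a `login` route, and PHP 7 or later (for `random_bytes` and `hash_equals`). Instead of storing `session_id()`, which CodeIgniter 3's session library regenerates every `sess_time_to_update` seconds (300 by default, which is why the asker saw the value change), it issues a random per-login token, stores it in both the user row and the server-side session data, and compares the two on every request:

```php
<?php
// application/core/MY_Controller.php  (assumed location, CodeIgniter 3 layout)
defined('BASEPATH') OR exit('No direct script access allowed');

/**
 * Base controller enforcing a single active login per user.
 *
 * Assumed schema (not from the original page):
 *   users(id, username, password_hash, login_token CHAR(64) NULL)
 *
 * The last login wins: it overwrites users.login_token, so every older
 * session fails the comparison on its next request and is destroyed.
 */
class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->database();
        $this->load->helper('url');
    }

    /** Verify credentials and bind this session to a fresh login token. */
    protected function login_user($username, $password)
    {
        // Query bindings: the driver escapes the value; nothing is interpolated.
        $user = $this->db->query(
            'SELECT id, password_hash FROM users WHERE username = ? LIMIT 1',
            array($username)
        )->row();

        // password_verify() pairs with password_hash() and compares in constant time.
        if (!$user || !password_verify($password, $user->password_hash)) {
            return FALSE;
        }

        // 32 random bytes -> 64 hex chars; unguessable, unlike a session counter.
        $token = bin2hex(random_bytes(32));

        // Overwriting the token is what invalidates every earlier login.
        $this->db->where('id', $user->id)
                 ->update('users', array('login_token' => $token));

        // New session id at login defeats session fixation; the token itself
        // lives only in server-side session data, never in the cookie.
        $this->session->sess_regenerate(TRUE);
        $this->session->set_userdata(array(
            'user_id'     => (int) $user->id,
            'login_token' => $token,
        ));
        return TRUE;
    }

    /** Call from the constructor of every controller that needs a login. */
    protected function require_single_session()
    {
        $user_id = $this->session->userdata('user_id');
        $token   = $this->session->userdata('login_token');
        if ($user_id === NULL || $token === NULL) {
            $this->force_logout();
        }

        $row = $this->db->query(
            'SELECT login_token FROM users WHERE id = ? LIMIT 1',
            array($user_id)
        )->row();

        // hash_equals() avoids a timing side channel on the token comparison.
        if (!$row || $row->login_token === NULL
            || !hash_equals($row->login_token, (string) $token)) {
            $this->force_logout();
        }
    }

    /** Explicit logout: clear the server-side token, then drop the session. */
    protected function logout_user()
    {
        $user_id = $this->session->userdata('user_id');
        if ($user_id !== NULL) {
            $this->db->where('id', $user_id)
                     ->update('users', array('login_token' => NULL));
        }
        $this->force_logout();
    }

    private function force_logout()
    {
        $this->session->sess_destroy();
        $this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
        $this->output->set_header('Pragma: no-cache');
        redirect('login');   // redirect() calls exit(), so nothing below runs
    }
}
```

Protected controllers extend `MY_Controller` and call `$this->require_single_session()` in their constructor. When the same credentials are used from a second browser, `login_user()` replaces `users.login_token`, so the first browser's next request fails `hash_equals()` and is logged out, regardless of how often CodeIgniter rotates the session id underneath. Keeping `sess_match_ip` on (as the answer suggests) is an independent hardening step; it does not by itself stop two logins from the same address.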