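I have been working on a session that must work 24/7 and only log the user out when they explicitly log out, just like "facebook". I tried to write the code, but it did not work, so I googled it, but unfortunately I could not find any workable solution, so here I am. I first tried using sessions only, but that did not work, so I am now using sessions with cookies, with a cookie expiry time of 10 years, but it still does not work. My code is: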
index.php
    include_once('includes/open-pdo.php');
    include_once 'model.php';
    if(!empty($_SESSION["is_logged_in"])) {
        header('Location: dashboard.php');exit;
    }
    if(!empty($_COOKIE["member_login"])) {
        $username = trim($_COOKIE["member_login"]);
        $password = trim($_COOKIE["member_password"]);
        $valid_user_details = check_user_login($username, $password);
        if(count($valid_user_details)>0 && $valid_user_details['user_id'] > 0){
            $_SESSION['ses_user_id'] = $valid_user_details['user_id'];
            $_SESSION['ses_username'] = $valid_user_details['user_name'];
            $_SESSION['ses_user_email'] = $valid_user_details['user_email'];
            header('Location: dashboard.php');exit;
        }else{
            header('location: index.php?action=logout');exit;
        }
    }
    if(!empty($_POST['submit'])){
        $username = trim($_POST['username']);
        $password = trim($_POST['password']);
        $valid_user_details = check_user_login($username, $password);
        if(count($valid_user_details)>0 && $valid_user_details['user_id'] > 0)
        {
            $_SESSION['ses_user_id'] = $valid_user_details['user_id'];
            $_SESSION['ses_username'] = $valid_user_details['user_name'];
            $_SESSION['ses_user_email'] = $valid_user_details['user_email'];
            $_SESSION['is_logged_in'] = true;
            /* Store COOKIES of duration for 10 years expiry */
            setcookie ("member_login",$_POST["username"],time()+ (10 * 365 * 24 * 60 * 60));
            setcookie ("member_password",$_POST["password"],time()+ (10 * 365 * 24 * 60 * 60));
            header('Location: dashboard.php');exit;
        }else{
            header('location: index.php?action=logout');exit;
        }
    }
    <body>
    <form class="form-signin" action="" method="post">
        <input type="text" class="form-control" name="username" placeholder="Email Address" required="" autofocus="" />
        <input type="password" class="form-control" name="password" placeholder="Password" required=""/>
        <button class="btn btn-lg btn-primary btn-block" type="submit" name="submit" value="submit">Login</button>
    </form>
    </body>
dashboard.php
    if(empty($_COOKIE["member_login"]) || empty($_SESSION["is_logged_in"])) {
        header('location: index.php?action=logout');exit;
    }
    echo '<div style="text-align:center;"><h3>Welcome to Dashboard - <b>'.$_SESSION['ses_username'].'</b></h3>';
    echo '<span style="font-size:20px;"><a href="logout.php">logout</a></span> </div>';
Anyone out there, please help me. Thanks.
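Answer 0: (score: 0)
It is a bad idea to store the login and password in cookies, even if they are encrypted. You need to generate a key for an authenticated user. For example, store it in the database (user_id, cookie_key). And if the key exists in the cookie, then get the user_id from the database by cookie_key.
Example SQL:
    create table user_cookie_token (user_id int, cookie_key char(32))
After the user logs in, generate the cookie key: sha1(user_id . time()), then add it to the cookie and store it in the db.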
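An added example of the token scheme this answer describes (not code from the answer or the question). It keeps the answer's table and column names; the function names and cookie name are assumptions. It swaps `sha1(user_id . time())` for a `random_bytes()` token, which cannot be predicted from the user id and login time, and stores only the token's SHA-256 hash, so `cookie_key` is widened to 64 characters; `setcookie()` with an options array needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

const REMEMBER_COOKIE = 'remember_token';         // hypothetical cookie name
const REMEMBER_TTL    = 10 * 365 * 24 * 60 * 60;  // 10 years, as in the question

// After a successful password login: create a random token, store only its hash.
function issue_remember_token(PDO $db, int $userId): string
{
    $token = bin2hex(random_bytes(32));           // 64 hex chars from the CSPRNG
    $db->prepare('INSERT INTO user_cookie_token (user_id, cookie_key) VALUES (?, ?)')
       ->execute([$userId, hash('sha256', $token)]);
    return $token;
}

// Send the token to the browser; the password is never put in a cookie.
function send_remember_cookie(string $token): bool
{
    return setcookie(REMEMBER_COOKIE, $token, [
        'expires' => time() + REMEMBER_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// When the session is gone: map the cookie value back to a user_id, or null.
function user_id_from_token(PDO $db, string $token): ?int
{
    $stmt = $db->prepare('SELECT user_id FROM user_cookie_token WHERE cookie_key = ?');
    $stmt->execute([hash('sha256', $token)]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// On logout: delete the row so a copied cookie stops working.
function revoke_remember_token(PDO $db, string $token): void
{
    $db->prepare('DELETE FROM user_cookie_token WHERE cookie_key = ?')
       ->execute([hash('sha256', $token)]);
}

// Constructed demo on in-memory SQLite; cookie_key is CHAR(64) to fit a SHA-256 hex digest.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_cookie_token (user_id INT, cookie_key CHAR(64) PRIMARY KEY)');
$token = issue_remember_token($db, 42);           // 42 is a constructed user id
var_dump(user_id_from_token($db, $token));
revoke_remember_token($db, $token);
var_dump(user_id_from_token($db, $token));
```

On a returning visit with the cookie but no session, the page would call `user_id_from_token()` and, when it returns a user id, fill in every `$_SESSION` value the dashboard checks, including `is_logged_in`.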
Answer 1: (score: 0)
From https://secure.php.net/manual/en/function.session-set-cookie-params.php
For the code that starts the session, try the following...
    if (!empty($_POST['submit'])){
        $username = trim($_POST['username']);
        $password = trim($_POST['password']);
        $valid_user_details = check_user_login($username, $password);
        if (count($valid_user_details) > 0 && $valid_user_details['user_id'] > 0)
        {
            define ('ONE_YEAR', 60 * 1 * 60 * 24 * 30 * 12);
            session_set_cookie_params(ONE_YEAR * 10);
            session_start();
            $_SESSION['ses_user_id'] = $valid_user_details['user_id'];
            $_SESSION['ses_username'] = $valid_user_details['user_name'];
            $_SESSION['ses_user_email'] = $valid_user_details['user_email'];
            $_SESSION['is_logged_in'] = true;
            header('Location: dashboard.php');
            exit;
        }else{
            header('location: index.php?action=logout');
            exit;
        }
    }