适用于24/7的会话(如facebook)

时间:2018-11-19 05:21:13

标签: php session cookies login logout

我一直在进行必须在24/7内工作的会话,直到用户完全像“ facebook”一样注销后才注销。我试图编写代码,但是它没有用,所以我用谷歌搜索了它,但是不幸的是找不到任何可行的解决方案,所以我来了。我先尝试仅使用会话,但没有用,所以我使用的是cookie的会话,且cookie的过期时间为10年,但仍然无效。我的代码是

index.php

include_once('includes/open-pdo.php');
include_once 'model.php';
if(!empty($_SESSION["is_logged_in"])) {
 header('Location: dashboard.php');exit;
}
if(!empty($_COOKIE["member_login"])) {
  $username = trim($_COOKIE["member_login"]);
  $password = trim($_COOKIE["member_password"]);
  $valid_user_details = check_user_login($username, $password);
  if(count($valid_user_details)>0 && $valid_user_details['user_id'] > 0){
    $_SESSION['ses_user_id'] = $valid_user_details['user_id'];
    $_SESSION['ses_username'] = $valid_user_details['user_name'];
    $_SESSION['ses_user_email'] = $valid_user_details['user_email'];
    header('Location: dashboard.php');exit;
  }else{
    header('location: index.php?action=logout');exit;
  }
}
if(!empty($_POST['submit'])){
  $username = trim($_POST['username']);
  $password = trim($_POST['password']);
  $valid_user_details = check_user_login($username, $password);
  if(count($valid_user_details)>0 && $valid_user_details['user_id'] > 0)
  {
   $_SESSION['ses_user_id'] = $valid_user_details['user_id'];
   $_SESSION['ses_username'] = $valid_user_details['user_name'];
   $_SESSION['ses_user_email'] = $valid_user_details['user_email'];
   $_SESSION['is_logged_in'] = true;
   /* Store COOKIES of duration for 10 years expiry */
   setcookie ("member_login",$_POST["username"],time()+ (10 * 365 * 24 * 60 * 60));
   setcookie ("member_password",$_POST["password"],time()+ (10 * 365 * 24 * 60 * 60));
   header('Location: dashboard.php');exit;
  }else{
   header('location: index.php?action=logout');exit;
  }
}
<body>
 <form class="form-signin" action="" method="post"> 
  <input type="text" class="form-control" name="username" placeholder="Email Address" required="" autofocus="" />
  <input type="password" class="form-control" name="password" placeholder="Password" required=""/>
  <button class="btn btn-lg btn-primary btn-block" type="submit" name="submit" value="submit">Login</button>   
 </form>
</body>

dashboard.php

if(empty($_COOKIE["member_login"]) || empty($_SESSION["is_logged_in"])) {
 header('location: index.php?action=logout');exit;
}
echo '<div style="text-align:center;"><h3>Welcome to Dashboard - <b>'.$_SESSION['ses_username'].'</b></h3>';
echo '<span style="font-size:20px;"><a href="logout.php">logout</a></span> </div>';

任何人在那里都请帮助我。谢谢。

2 个答案:

答案 0 :(得分:0)

坏主意将登录名和密码存储在cookie中,即使它们已加密也是如此。您需要为某些经过身份验证的用户生成密钥。例如,将其存储在数据库中(user_id,cookie_key)。而且,如果密钥存在于cookie中,则比通过cookie_key从数据库中获取user_id。

示例SQL: create table user_cookie_token (user_id int, cookie_key char(32))

用户登录后,将其添加到cookie并存储在db中后,生成cookie密钥:sha1(user_id . time())

答案 1 :(得分:0)

来自https://secure.php.net/manual/en/function.session-set-cookie-params.php

对于启动会话的代码,请尝试以下操作...

if (!empty($_POST['submit'])){
  $username = trim($_POST['username']);
  $password = trim($_POST['password']);
  $valid_user_details = check_user_login($username, $password);

  if (count($valid_user_details) > 0 && $valid_user_details['user_id'] > 0)
  {
       define ('ONE_YEAR', 60 * 1 * 60 * 24 * 30 * 12);
       session_set_cookie_params(ONE_YEAR * 10);
       session_start();

       $_SESSION['ses_user_id'] = $valid_user_details['user_id'];
       $_SESSION['ses_username'] = $valid_user_details['user_name'];
       $_SESSION['ses_user_email'] = $valid_user_details['user_email'];
       $_SESSION['is_logged_in'] = true;

       header('Location: dashboard.php');
       exit;
  }else{
       header('location: index.php?action=logout');
       exit;
  }
}