“ PHPSESSID” cookie出现问题。 我想要的是标记标记“ safe”和“ http_only”,但没有标记它,一位朋友告诉我,此代码的结果给出了答案:“ Nanana”,我不理解它的含义,没有给我合理的答案
重要! 我没有执行此代码段。 :(
/**
* _set_cookies
*
* @param integer $user_id
* @param boolean $remember
* @param string $path
* @return void
*/
private function _set_cookies($user_id, $remember = false, $path = '/') {
global $db, $date;
/* generate new token */
$session_token = get_hash_token();
/* secured cookies */
$secured = (get_system_protocol() == "https")? true : false;
/* set cookies */
if($remember) {
$expire = time()+2592000;
setcookie($this->_cookie_user_id, $user_id, $expire, $path, "", $secured, true);
setcookie($this->_cookie_user_token, $session_token, $expire, $path, "", $secured, true);
}else {
setcookie($this->_cookie_user_id, $user_id, 0, $path, "", $secured, true);
setcookie($this->_cookie_user_token, $session_token, 0, $path, "", $secured, true);
}
/* insert user token */
$db->query(sprintf("INSERT INTO users_sessions (session_token, session_date, user_id, user_browser, user_os, user_ip) VALUES (%s, %s, %s, %s, %s, %s)", secure($session_token), secure($date), secure($user_id, 'int'), secure(get_user_browser()), secure(get_user_os()), secure(get_user_ip()) )) or _error("SQL_ERROR_THROWEN");
}
我想防止用户会话被盗,希望有人可以帮助我。