
Session that works 24/7 like Facebook

  •  -1
  • Prasad Patel  · Tech Community  · 7 years ago

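    I have been working on a session that must work 24/7 and only log the user out when they log out themselves, exactly like Facebook. I tried writing the code, but it did not work, so I searched Google and unfortunately found no working solution, so here I am. I first tried with sessions only, but that did not work, so I used cookies with the session, with an expiry 10 years in the future, but that still did not work. My code is

    Index file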

    include_once('includes/open-pdo.php');
    include_once 'model.php';
    if(!empty($_SESSION["is_logged_in"])) {
     header('Location: dashboard.php');exit;
    }
    if(!empty($_COOKIE["member_login"])) {
      $username = trim($_COOKIE["member_login"]);
      $password = trim($_COOKIE["member_password"]);
      $valid_user_details = check_user_login($username, $password);
      if(count($valid_user_details)>0 && $valid_user_details['user_id'] > 0){
        $_SESSION['ses_user_id'] = $valid_user_details['user_id'];
        $_SESSION['ses_username'] = $valid_user_details['user_name'];
        $_SESSION['ses_user_email'] = $valid_user_details['user_email'];
        header('Location: dashboard.php');exit;
      }else{
        header('location: index.php?action=logout');exit;
      }
    }
    if(!empty($_POST['submit'])){
      $username = trim($_POST['username']);
      $password = trim($_POST['password']);
      $valid_user_details = check_user_login($username, $password);
      if(count($valid_user_details)>0 && $valid_user_details['user_id'] > 0)
      {
       $_SESSION['ses_user_id'] = $valid_user_details['user_id'];
       $_SESSION['ses_username'] = $valid_user_details['user_name'];
       $_SESSION['ses_user_email'] = $valid_user_details['user_email'];
       $_SESSION['is_logged_in'] = true;
       /* Store COOKIES of duration for 10 years expiry */
       setcookie ("member_login",$_POST["username"],time()+ (10 * 365 * 24 * 60 * 60));
       setcookie ("member_password",$_POST["password"],time()+ (10 * 365 * 24 * 60 * 60));
       header('Location: dashboard.php');exit;
      }else{
       header('location: index.php?action=logout');exit;
      }
    }
    <body>
     <form class="form-signin" action="" method="post"> 
      <input type="text" class="form-control" name="username" placeholder="Email Address" required="" autofocus="" />
      <input type="password" class="form-control" name="password" placeholder="Password" required=""/>
      <button class="btn btn-lg btn-primary btn-block" type="submit" name="submit" value="submit">Login</button>   
     </form>
    </body>
    

    dashboard.php

    if(empty($_COOKIE["member_login"]) || empty($_SESSION["is_logged_in"])) {
     header('location: index.php?action=logout');exit;
    }
    echo '<div style="text-align:center;"><h3>Welcome to Dashboard - <b>'.$_SESSION['ses_username'].'</b></h3>';
    echo '<span style="font-size:20px;"><a href="logout.php">logout</a></span> </div>';
    

    Can anyone please help me solve this problem? Thanks.

    2 replies  |  up to 7 years ago
        1
  •  0
  •   S. Denis    7 years ago

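    It is a bad idea to store the login and password in cookies, even if they are encrypted. You need to generate some key for an authenticated user. For example, store it in the database (user id, cookie key). If the key is present in the cookie, get the user id from the database by the cookie key.

    Example SQL: create table user_cookie_token (user_id int, cookie_key char(32))

    When the user logs in, generate the cookie key: sha1(user_id . time()), then add it to the cookie and store it in the db.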
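
One way to implement the cookie-key scheme described in the answer above, as an added example that is not part of the original thread. It swaps `sha1(user_id . time())` for a `random_bytes` token, because a value derived from the user id and login time is predictable, stores only the token's SHA-256 hash, and adds an expiry. The function names, the `remember_me` cookie name, the `expires_at` column, the `CHAR(64)` width and the in-memory SQLite database are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Added example: all function, cookie and column names here are hypothetical.

const TOKEN_LIFETIME = 60 * 60 * 24 * 365; // one year, in seconds

function issue_token(PDO $db, int $userId): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex characters from the CSPRNG
    $stmt = $db->prepare('INSERT INTO user_cookie_token (user_id, cookie_key, expires_at) VALUES (?, ?, ?)');
    // Only the hash is stored, so a leaked table does not yield usable cookies.
    $stmt->execute([$userId, hash('sha256', $token), time() + TOKEN_LIFETIME]);
    return $token;
}

function user_from_token(PDO $db, string $token): ?int
{
    $stmt = $db->prepare('SELECT user_id FROM user_cookie_token WHERE cookie_key = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

function revoke_token(PDO $db, string $token): void
{
    $db->prepare('DELETE FROM user_cookie_token WHERE cookie_key = ?')
       ->execute([hash('sha256', $token)]);
}

function send_token_cookie(string $token): void
{
    // Call after a successful password check, before any output is sent.
    setcookie('remember_me', $token, [
        'expires' => time() + TOKEN_LIFETIME, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed demo: in-memory SQLite stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_cookie_token (user_id INT, cookie_key CHAR(64) PRIMARY KEY, expires_at INT)');

$token = issue_token($db, 42);                       // login: create the server-side record
var_dump(user_from_token($db, $token));              // later visit: look the cookie value up
var_dump(user_from_token($db, str_repeat('0', 64))); // a token that was never issued
revoke_token($db, $token);                           // logout: delete the record
var_dump(user_from_token($db, $token));              // the old cookie value after logout
```

On a real request, `user_from_token($db, $_COOKIE['remember_me'])` would run when no session is active, and a non-null result would repopulate `$_SESSION` the way the question's login branch does.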

        2
  •  0
  •   Kagiso Marvin Molekwa    7 years ago

    https://secure.php.net/manual/en/function.session-set-cookie-params.php

    For the code that starts the session, try the following…

    if (!empty($_POST['submit'])){
      $username = trim($_POST['username']);
      $password = trim($_POST['password']);
      $valid_user_details = check_user_login($username, $password);
    
      if (count($valid_user_details) > 0 && $valid_user_details['user_id'] > 0)
      {
           define ('ONE_YEAR', 60 * 1 * 60 * 24 * 30 * 12);
           session_set_cookie_params(ONE_YEAR * 10);
           session_start();
    
           $_SESSION['ses_user_id'] = $valid_user_details['user_id'];
           $_SESSION['ses_username'] = $valid_user_details['user_name'];
           $_SESSION['ses_user_email'] = $valid_user_details['user_email'];
           $_SESSION['is_logged_in'] = true;
    
           header('Location: dashboard.php');
           exit;
      }else{
           header('location: index.php?action=logout');
           exit;
      }
    }
    