
php - Session VS temp. cookies

Reposted. Author: 可可西里. Updated: 2023-11-01 00:51:16

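I was just wondering: what's the difference in PHP between setting a cookie without an expiration (meaning it expires when the browser closes) and setting a session variable? I'm not talking about login stuff or the like, but rather about things such as database values that don't change very often and would otherwise need to be fetched on every page visit.

Best answer

P.S.: You can use http_only cookies to further protect your cookies. For PHP, you can read http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html. I forgot to do it for the session example, but did use it for the cookie example :(. When you use it, your cookie can't be read from JavaScript in most browsers (those that support http_only). To use http_only for the session's cookie: ini_set("session.cookie_httponly", 1);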

What's the difference in PHP between setting a cookie without expiration (meaning it expires as the browser closes) and setting a session variable

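They can track the same information, but with cookies (without sessions) all the information is stored on the user's side, in the web browser, where it could be stolen by hackers or even altered to supply false information. For simple things you can use cookies, but I think you might as well use sessions, because when you use cookies you need to transfer more information over the wire.

The internet (HTTP) is by default a stateless protocol (no memory), which has the advantage of simplifying server design. The internet uses cookies to make it "remember".

Sessions only use a cookie to store the PHPSESSID inside the cookie. By default the rest of the information is stored on disc, which is a safer way to keep state (store sensitive information). You could also encrypt your cookie to do this, but I think sessions are a good way to do it.

You can override this behaviour, and when your site has high traffic you should probably use something like memcached/redis to store the session information in memory only (memory is a lot faster than reading files from a spinning disk, because memory has no moving parts and is very close to the CPU). To do this you need to override session_set_save_handler. With redis this is easy to do. To install redis, just type make. Predis is the recommended (popular) redis client library for PHP. To save session information in redis you can use redis-session-php.

Session

Code

I created a very simple PHP file to demonstrate sessions.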

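<?php

// Start (or resume) the session identified by the PHPSESSID cookie.
session_start();

// First request of this session: initialise the counter.
if (!isset($_SESSION['count'])) {
    $_SESSION['count'] = 0;
}

// Print the current value, then increment it for the next request.
echo $_SESSION['count']++;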

First curl run, saving the cookie

I am using Linux Ubuntu below.

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl http://localhost/stackoverflow/6717214/session.php -v -c cookie
* About to connect() to localhost port 80 (#0)
* Trying ::1... Connection refused
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/session.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 12:13:43 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
* Added cookie PHPSESSID="eauo6se9o34oegs57nuhs5u3b7" for domain localhost, path /, expire 0
< Set-Cookie: PHPSESSID=eauo6se9o34oegs57nuhs5u3b7; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
<
* Connection #0 to host localhost left intact
* Closing connection #0
0
  • -v: make the operation more talkative
  • -c: write cookies to this file after the operation

Next we show the output of the cookie created by the session

alfred@alfred-laptop:~/www/stackoverflow/6717214$ cat cookie 
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

localhost FALSE / FALSE 0 PHPSESSID d5jfijp8515pbhnoe43v4rau97

By default PHP uses the filesystem to store the data belonging to a session (PHPSESSID). For me the files are located in /var/lib/php5

alfred@alfred-laptop:~/www/stackoverflow/6717214$ php -r "echo session_save_path();"
/var/lib/php5

As you can see, it stores the information in the file sess_d5jfijp8515pbhnoe43v4rau97. It uses serialize behind the scenes to convert objects to strings.

alfred@alfred-laptop:/var/lib/php5$ sudo cat sess_d5jfijp8515pbhnoe43v4rau97
count|i:1;

I needed sudo because by default I can't read from that location

alfred@alfred-laptop:/var/lib$ sudo ls -la /var/lib/ | grep php5
drwx-wx-wt 2 root root 4096 2011-07-16 14:16 php5

The read bit has not been set for that directory

Second curl run, using the saved cookie

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl -v -b cookie http://localhost/stackoverflow/6717214/session.php
* About to connect() to localhost port 80 (#0)
* Trying ::1... Connection refused
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/session.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
> Cookie: PHPSESSID=d5jfijp8515pbhnoe43v4rau97
>
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 12:28:59 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
<
* Connection #0 to host localhost left intact
* Closing connection #0
1
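  • -b: cookie string or file to read cookies from

As you can see, we can count without storing any of the information in the cookie. We use the same cookie to remember our state. You can also see that the information on disc has changed to reflect this.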

alfred@alfred-laptop:~/www/stackoverflow/6717214$ sudo cat /var/lib/php5/sess_d5jfijp8515pbhnoe43v4rau97
count|i:2;

Cookies

When using only cookies, everything is stored on the user's computer.

Code

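<?php

$counter = 0;

// The value comes straight from the client, so cast it before doing arithmetic.
if (isset($_COOKIE['counter'])) {
    $counter = (int) $_COOKIE['counter'] + 1;
}

// Session cookie (expires = 0) with the httponly flag set (last argument).
setcookie("counter", (string) $counter, 0, "", "", false, true);
echo $counter;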

First curl run, storing the cookie

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl -c cookie -v http://localhost/stackoverflow/6717214/cookie.php
* About to connect() to localhost port 80 (#0)
* Trying ::1... Connection refused
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/cookie.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 13:22:03 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
* Added cookie counter="0" for domain localhost, path /stackoverflow/6717214/, expire 0
< Set-Cookie: counter=0; httponly
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
<
* Connection #0 to host localhost left intact
* Closing connection #0
0

When we output the cookie, we get:

alfred@alfred-laptop:~/www/stackoverflow/6717214$ cat cookie
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_localhost FALSE /stackoverflow/6717214/ FALSE 0 counter 0

As you can see, everything is stored in the cookie and sent over the wire.

Second curl run, with the cookie

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl -b cookie -c cookie -v http://localhost/stackoverflow/6717214/cookie.php
* About to connect() to localhost port 80 (#0)
* Trying ::1... Connection refused
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/cookie.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
> Cookie: counter=0
>
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 13:32:24 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
* Replaced cookie counter="1" for domain localhost, path /stackoverflow/6717214/, expire 0
< Set-Cookie: counter=1; httponly
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
<
* Connection #0 to host localhost left intact
* Closing connection #0
1
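
The answer notes that a cookie-only counter can be altered by the client. As an added example (not part of the original answer), one way to make the counter cookie tamper-evident is to sign it with an HMAC and verify it on every request. COOKIE_KEY, sign_counter() and verify_counter() are hypothetical names, and PHP 7.3+ is assumed for the setcookie() options array.

```php
<?php
// Added example, not from the original answer. COOKIE_KEY, sign_counter()
// and verify_counter() are hypothetical names.

// Assumption: a real key is long, random and loaded from server-side config.
const COOKIE_KEY = 'constructed-demo-key-not-for-production';

// Serialise the counter as "value.mac" so the server can detect edits.
function sign_counter(int $counter, string $key): string
{
    $value = (string) $counter;
    return $value . '.' . hash_hmac('sha256', $value, $key);
}

// Return the counter if the MAC verifies, or null if missing or altered.
function verify_counter(?string $cookie, string $key): ?int
{
    if ($cookie === null || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$value, $mac] = explode('.', $cookie);
    if (!ctype_digit($value)) {
        return null;
    }
    // hash_equals() compares in constant time, avoiding a timing side channel.
    $expected = hash_hmac('sha256', $value, $key);
    return hash_equals($expected, $mac) ? (int) $value : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed self-check: a genuine cookie verifies, an edited one does not.
    $cookie = sign_counter(1, COOKIE_KEY);
    $forged = '9999' . substr($cookie, 1); // value changed, old MAC kept
    var_dump(verify_counter($cookie, COOKIE_KEY) === 1);
    var_dump(verify_counter($forged, COOKIE_KEY) === null);
} else {
    // Same flow as cookie.php: $_COOKIE values can be arrays, so check the type.
    $raw = $_COOKIE['counter'] ?? null;
    $current = verify_counter(is_string($raw) ? $raw : null, COOKIE_KEY);
    $counter = $current === null ? 0 : $current + 1;
    setcookie('counter', sign_counter($counter, COOKIE_KEY), [
        'expires' => 0,      // session cookie, as in the original example
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    echo $counter;
}
```

Signing detects edits but does not hide the value, and a client can still replay an older signed cookie, so state that must not roll back belongs in the server-side session.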

Regarding php - Session VS temp. cookies, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/6717214/
