会话 VS 温度饼干

2023-12-28

我是在想。在 PHP 中设置没有过期的 cookie（意味着它会在浏览器关闭时过期）和设置会话变量有什么区别。我不是在谈论登录之类的事情；而不需要在每次页面访问时获取不经常更改的数据库值等。

P.S：您可以通过使用来更好地保护您的cookiehttp_only cookie http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html。对于 PHP 你可以阅读http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html. 我忘记对这个会话示例执行此操作，但确实将其用于 cookie 示例:(。当您使用此功能时，大多数浏览器（支持 httponly）都无法从 JavaScript 读取您的 cookie。要在会话中使用 httponly cookie：ini_set("session.cookie_httponly", 1);

在 PHP 中设置 cookie 和不设置 cookie 有什么区别过期（意味着它随着浏览器关闭而过期）并设置会话变量

他们可以跟踪相同的信息，但使用 cookie（不使用会话），所有信息都存储在用户/网络浏览器上，这些信息可能被黑客窃取，甚至被更改以提供虚假信息。对于简单的事情，您可以使用 cookie，但我认为您也可以使用会话，因为当您使用 cookie 时，您需要通过线路传输更多信息。

互联网（HTTP http://nl.wikipedia.org/wiki/Hypertext_Transfer_Protocol）标准是无状态协议 http://en.wikipedia.org/wiki/Stateless_protocol（无内存）其优点是简化了服务器设计。互联网使用cookie http://en.wikipedia.org/wiki/HTTP_cookie让它“记住”。

Session仅使用cookie来存储PHPSESSID http://www.php.net/manual/en/session.configuration.php#ini.session.name里面的饼干。标准其余信息存储在disc http://www.php.net/manual/en/session.configuration.php#ini.session.save-handler这是保持状态（存储敏感信息）的更安全的方式。你也可以加密你的cookie https://stackoverflow.com/questions/173727/how-to-save-encrypted-data-in-cookie-using-php这样做，但我认为sessions http://en.wikipedia.org/wiki/Session_%28computer_science%29这是做到这一点的好方法。

您可以覆盖此行为，并且当您的网站流量较高时可能应该使用类似内存缓存 http://memcached.org/redis http://redis.io仅将会话信息存储在内存中（内存比旋转磁盘读取文件要快得多，因为内存也没有移动部件并且非常靠近 CPU）。为此，您需要覆盖会话设置保存处理程序 http://www.php.net/manual/en/function.session-set-save-handler.php。用redis做起来非常简单。要安装 redis 只需输入make. Predis https://github.com/nrk/predis是推荐（流行）的 PHP Redis 客户端库。要将会话信息保存在 redis 中，您可以使用redis-session-php https://github.com/ivanstojic/redis-session-php.

Session

Code

我创建了一个非常简单的 php 文件来演示会话。

<?php

session_start();

if (!isset($_SESSION['count'])) {
    $_SESSION['count'] = 0;
}

echo $_SESSION['count']++;

卷曲第一次保存cookie

我在用乌班图 http://en.wikipedia.org/wiki/Ubuntu below.

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl http://localhost/stackoverflow/6717214/session.php -v -c cookie
* About to connect() to localhost port 80 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/session.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 12:13:43 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
* Added cookie PHPSESSID="eauo6se9o34oegs57nuhs5u3b7" for domain localhost, path /, expire 0
< Set-Cookie: PHPSESSID=eauo6se9o34oegs57nuhs5u3b7; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
< 
* Connection #0 to host localhost left intact
* Closing connection #0
0

-v:让操作更懂事
-c:操作后将cookie写入此文件

接下来我们显示会话创建的输出 cookie

alfred@alfred-laptop:~/www/stackoverflow/6717214$ cat cookie 
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

localhost   FALSE   /   FALSE   0   PHPSESSID   d5jfijp8515pbhnoe43v4rau97

标准 PHP 使用文件系统来存储属于会话的数据（PHPSESSID）。对我来说，文件位于/var/lib/php5

alfred@alfred-laptop:~/www/stackoverflow/6717214$ php -r "echo session_save_path();"
/var/lib/php5

正如你所看到的，它存储了这些信息file sess_d5jfijp8515pbhnoe43v4rau97。它正在使用连载 http://php.net/manual/en/function.serialize.php在幕后将对象转换为字符串。

alfred@alfred-laptop:/var/lib/php5$ sudo cat sess_d5jfijp8515pbhnoe43v4rau97
count|i:1;

我需要sudo http://en.wikipedia.org/wiki/Sudo因为我可以标准不从该位置读取

alfred@alfred-laptop:/var/lib$ sudo ls -la /var/lib/ | grep php5
drwx-wx-wt  2 root          root           4096 2011-07-16 14:16 php5

The read bit http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html尚未为该目录设置

使用保存的 cookie 进行第二次卷曲

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl -v -b cookie http://localhost/stackoverflow/6717214/session.php
* About to connect() to localhost port 80 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/session.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
> Cookie: PHPSESSID=d5jfijp8515pbhnoe43v4rau97
> 
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 12:28:59 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
< 
* Connection #0 to host localhost left intact
* Closing connection #0
1

-b:用于读取 cookie 的 cookie 字符串或文件

正如您所看到的，我们可以在不将任何信息存储在 cookie 内的情况下进行计数。我们使用相同的 cookie 来记住我们的状态。您还可以看到光盘上的信息已更改以反映这一点。

alfred@alfred-laptop:~/www/stackoverflow/6717214$ sudo cat /var/lib/php5/sess_d5jfijp8515pbhnoe43v4rau97
count|i:2;

Cookies

当仅使用 cookie 时，所有内容都存储在用户计算机上。

Code

<?php

$counter = 0;

if (isset($_COOKIE['counter'])) {
    $counter = $_COOKIE['counter'] + 1;
}

setCookie("counter", $counter, NULL, NULL, NULL, NULL, TRUE);
echo $counter;

第一次使用 Curl 存储 cookie

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl -c cookie -v http://localhost/stackoverflow/6717214/cookie.php
* About to connect() to localhost port 80 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/cookie.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 13:22:03 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
* Added cookie counter="0" for domain localhost, path /stackoverflow/6717214/, expire 0
< Set-Cookie: counter=0; httponly
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
< 
* Connection #0 to host localhost left intact
* Closing connection #0
0

当我们输出 cookie 时，我们得到：

alfred@alfred-laptop:~/www/stackoverflow/6717214$ cat cookie
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_localhost FALSE   /stackoverflow/6717214/ FALSE   0   counter0

正如您所看到的，所有内容都存储在 cookie 中并通过网络发送。

Curl 第二次使用 cookie

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl -b cookie -c cookie -v htp://localhost/stackoverflow/6717214/cookie.php
* About to connect() to localhost port 80 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/cookie.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
> Cookie: counter=0
> 
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 13:32:24 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
* Replaced cookie counter="1" for domain localhost, path /stackoverflow/6717214/, expire 0
< Set-Cookie: counter=1; httponly
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
< 
* Connection #0 to host localhost left intact
* Closing connection #0
1

本文内容由网友自发贡献，版权归原作者所有，本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容，请联系:hwhale#tublm.com(使用前将#替换为@)