php – Sessions VS Temp. Cookies

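I was just wondering: what's the difference in PHP between setting a cookie without expiration (meaning it expires as the browser closes) and setting a session variable? I'm not talking about logins and things like that; rather about not needing to fetch frequently changing database values on every page visit, etc.

Solution:

PS: You can protect your cookies further by using http_only cookies. For PHP, you can read http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html. I forgot to do this for the session example, but did use it for the cookie example :(. When you use it, your cookie cannot be read from JavaScript in most browsers (those that support http_only). To use http_only cookies for sessions: ini_set("session.cookie_httponly", 1);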

What’s the difference in PHP between setting a cookie without
expiration (meaning it expires as the browser closes) and setting a
session variable

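They can both track the same information, but with cookies (without sessions) all the information is stored on the user's side, in the web browser, where a hacker could steal it or even supply false information by modifying it. For simple things you can use cookies, but I think you could also use sessions, because when you use cookies you need to transfer more information over the wire.

The Internet (HTTP) is by design a stateless protocol (no memory), which has the advantage that it simplifies server design. The Internet uses cookies to make it "remember".

Sessions use a cookie only to store the PHPSESSID. By default the rest of the information is stored on disc, which is a safer way to keep state (store sensitive information). You could also encrypt your cookie to do this, but I think sessions are a good way to do it.

You can override this behaviour, and probably should when your site has high traffic, by using something like memcached/redis to store the session information in memory (memory is a lot faster than reading files from a spinning disc, because memory has no moving parts and is very close to the CPU). To do this you need to override session_set_save_handler. Using redis is very easy. To install redis, just type make. Predis is the recommended (popular) redis client library for PHP. To save session information in redis you can use redis-session-php.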

Sessions

I created a very simple PHP file to demonstrate sessions.

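<?php

// Start (or resume) the session identified by the PHPSESSID cookie.
session_start();

// First visit: initialise the counter in server-side session storage.
if (!isset($_SESSION['count'])) {
    $_SESSION['count'] = 0;
}

// Print the current value, then increment it for the next request.
echo $_SESSION['count']++;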

First curl, saving the cookie

I am using Linux Ubuntu below.

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl http://localhost/stackoverflow/6717214/session.php -v -c cookie
* About to connect() to localhost port 80 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/session.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 12:13:43 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
* Added cookie PHPSESSID="eauo6se9o34oegs57nuhs5u3b7" for domain localhost, path /, expire 0
< Set-Cookie: PHPSESSID=eauo6se9o34oegs57nuhs5u3b7; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
< 
* Connection #0 to host localhost left intact
* Closing connection #0
0

> -v: Make the operation more talkative
> -c: Write cookies to this file after operation

Next we output the cookie that was created by the session.

alfred@alfred-laptop:~/www/stackoverflow/6717214$ cat cookie
# netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

localhost   FALSE   /   FALSE   0   PHPSESSID   d5jfijp8515pbhnoe43v4rau97

By default PHP uses the filesystem to store the data belonging to a session (PHPSESSID). For me the files are located in /var/lib/php5

alfred@alfred-laptop:~/www/stackoverflow/6717214$ php -r "echo session_save_path();"
/var/lib/php5

As you can see, it stores that information in the file sess_d5jfijp8515pbhnoe43v4rau97. It uses serialize under the covers to convert the object to a string.

alfred@alfred-laptop:/var/lib/php5$ sudo cat sess_d5jfijp8515pbhnoe43v4rau97
count|i:1;

I needed sudo, because by default I cannot read from that location

alfred@alfred-laptop:/var/lib$ sudo ls -la /var/lib/ | grep php5
drwx-wx-wt  2 root          root           4096 2011-07-16 14:16 php5

The read bit has not been set for that directory

Second curl, using the saved cookie

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl -v -b cookie http://localhost/stackoverflow/6717214/session.php
* About to connect() to localhost port 80 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/session.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
> Cookie: PHPSESSID=d5jfijp8515pbhnoe43v4rau97
> 
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 12:28:59 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
< 
* Connection #0 to host localhost left intact
* Closing connection #0
1

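> -b: Cookie string or file to read cookies from

As you can see, we can keep count without storing any of that information in the cookie. We use the same cookie to remember our state. You can also see that the information on disc has changed to reflect this.

alfred@alfred-laptop:~/www/stackoverflow/6717214$ sudo cat /var/lib/php5/sess_d5jfijp8515pbhnoe43v4rau97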
count|i:2;

Cookies

When using only cookies, everything is stored on the user's computer.

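<?php

$counter = 0;

// The cookie value comes from the client, so cast it to an integer before use.
if (isset($_COOKIE['counter'])) {
    $counter = (int) $_COOKIE['counter'] + 1;
}

// Session cookie (expires 0), default path/domain, not secure-only, httponly = true.
setcookie("counter", $counter, 0, "", "", false, true);
echo $counter;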

First curl, storing the cookie

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl -c cookie -v http://localhost/stackoverflow/6717214/cookie.php
* About to connect() to localhost port 80 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/cookie.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 13:22:03 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
* Added cookie counter="0" for domain localhost, path /stackoverflow/6717214/, expire 0
< Set-Cookie: counter=0; httponly
< vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
< 
* Connection #0 to host localhost left intact
* Closing connection #0
0

When we output the cookie, we get:

alfred@alfred-laptop:~/www/stackoverflow/6717214$ cat cookie
# netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_localhost FALSE   /stackoverflow/6717214/ FALSE   0   counter 0

As you can see, everything is stored in the cookie and sent over the wire.

Second curl, using the cookie

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl -b cookie -c cookie -v http://localhost/stackoverflow/6717214/cookie.php
* About to connect() to localhost port 80 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/cookie.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
> Cookie: counter=0
> 
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 13:32:24 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
* Replaced cookie counter="1" for domain localhost, path /stackoverflow/6717214/, expire 0
< Set-Cookie: counter=1; httponly
< vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
< 
* Connection #0 to host localhost left intact
* Closing connection #0
1
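
The answer notes that a cookie-only counter can be modified on the client. As an added example (not part of the original answer), this variant of the cookie counter signs the value with HMAC-SHA256 so that a modified cookie is rejected; the COUNTER_KEY placeholder, the function names and the use of the PHP 7.3+ setcookie options array are assumptions of this example.

```php
<?php
// Added example: tamper-evident counter cookie (requires PHP 7.3+).
// COUNTER_KEY is a constructed placeholder; load a real random secret
// from server-side configuration, never from the request.
const COUNTER_KEY = 'replace-with-random-secret-from-config';

// Encode the value as "<value>.<hex HMAC-SHA256 of value>".
function sign_cookie_value(string $value, string $key): string
{
    return $value . '.' . hash_hmac('sha256', $value, $key);
}

// Return the embedded value if the MAC verifies, otherwise null.
function verify_cookie_value(string $cookie, string $key): ?string
{
    $pos = strrpos($cookie, '.');
    if ($pos === false) {
        return null;
    }
    $value = substr($cookie, 0, $pos);
    $mac = substr($cookie, $pos + 1);
    // hash_equals() compares in constant time.
    return hash_equals(hash_hmac('sha256', $value, $key), $mac) ? $value : null;
}

// Next counter value; a missing, malformed or modified cookie restarts at 0.
function next_counter($cookie, string $key): int
{
    if (!is_string($cookie)) {       // absent, or sent as counter[]=...
        return 0;
    }
    $value = verify_cookie_value($cookie, $key);
    return ($value !== null && ctype_digit($value)) ? (int) $value + 1 : 0;
}

if (PHP_SAPI !== 'cli') {
    // Web request: same behaviour as cookie.php, but with a signed value.
    $counter = next_counter($_COOKIE['counter'] ?? null, COUNTER_KEY);
    setcookie('counter', sign_cookie_value((string) $counter, COUNTER_KEY),
        ['expires' => 0, 'httponly' => true, 'samesite' => 'Lax']);
    echo $counter;
} else {
    // Command line: constructed sample cookies, one valid and one modified.
    $valid = sign_cookie_value('41', COUNTER_KEY);
    $modified = '9999' . substr($valid, 2);   // new value, old MAC
    echo next_counter($valid, COUNTER_KEY), "\n";
    echo next_counter($modified, COUNTER_KEY), "\n";
}
```

Signing only detects modification: the value is still readable by the client, and an older validly signed cookie can be sent again, which is one reason the session approach keeps the data on the server.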
