This article introduces in detail the common background management login of session and the method of using session ID to realize user shared login between multiple servers. Friends who need to know more can check out the full article.
Let’s first talk about using session to log in
The code of login page 05.php is as follows:
代码如下 | 复制代码 |
if (isset ($_SESSION['shili'])){ header ("Location:shili.php") ; //重新定向到其他页面 exit ; } ?> |
This program is an administrator login interface. It first initializes the session, and then detects whether the user has logged in by detecting whether the session variable has been registered. If so, there is no need to log in again and is directed to other pages. JavaScript is also used here to determine whether the username and password have been entered.
Verify login page
06.php is as follows:
The code is as follows | Copy code | |
代码如下 | 复制代码 | |
if (isset ($_SESSION['shili'])){ header ("Location:shili.php") ; //重新定向到其他页面 exit ; } //登录过的话立即结束 $shili_name=$_POST['username'] ; //获取参数 $password=$_POST['password'] ; //验证管理员名称和密码是否正确,这里采用直接验证,没有连接数据库 if ($shili_name=="mr" and $password=="mrsoft"){ session_register ("shili") ; //注册新的变量,保存当前会话的昵称 $shili = $shili_name ; echo "登录成功!" ; header ("Location:shili.php") ; //登录成功重定向到管理页面 }else{ echo "
?> |
header ("Location:shili.php") ; //Redirect to other pages
exit ; } out out out of
$shili_name=$_POST['username'] ; //Get parameters
$password=$_POST['password'] ;
代码如下 | 复制代码 |
if (!isset ($_SESSION['shili'])){ " ; exit () ; } ?> |
" ;
echo "The account or password is wrong, or it is not an administrator account " ; echo "Login failed! Please re-enter "; echo " |
The code is as follows | Copy code |
if (!isset ($_SESSION['shili'])){<🎜>
echo " " ; echo "" ; echo "You are not logged in, pleaseLog in!" ; echo " " ; exit () ; } ?> |
Use session_id to achieve shared login
First of all, there is the problem of multi-server sharing sessions. Everyone should be able to understand this. When the number of users of a website is too large, a server cluster will be used, such as a dedicated server for login. After the user logs in through the login server, the login server saves the user's login information session, and other accessed servers, such as the movie server, do not have this session, then we have to share this session through a unique identifier of the session - the specific session The sharing is beyond the scope of this article, please check the information yourself.
The second purpose is to verify different sessions of the same user, which is more difficult to understand. Let's put it this way, when a user does not request a connection through a browser, but requests data through a socket or other methods, we must first perform user login verification on him. After the verification is successful, we will issue a sessionid to him, and then He carries this sessionid every time he makes a request. We use this sessionid to determine whether the session already exists. If it exists, we assume that the user has logged in...
For the first question, we can save the sessionid in the database to achieve this. This method is relatively safe and widely used, but it is not the scope of our discussion
First generate a sessionid during verification;
The code is as follows
|
Copy code
|
||||
|
//Delivery session to client