mysql - Is it reliable enough to log in with PHP and simply use session?
给我你的怀抱
给我你的怀抱 2017-05-31 10:34:03
0
4
1089

Currently, the project login I am doing is just to determine whether the user session exists. If it exists, log in, if not, it will not log in.

Is this simple and crude method safe? How safe is it?

I don’t know what is the idea of ​​designing a more mature and relatively simple login verification, please give me some advice

给我你的怀抱
给我你的怀抱

reply all(4)
我想大声告诉你

The simplest login status is the session, and it is very safe.
Along with the session, there are cookies. Relatively speaking, it is not as secure as the session, but if it is set up, there will be no security issues.

我想大声告诉你

Personally, I think the method of using $_SESSION to determine whether the user is logged in is unreliable.
For example, after a user changes his password, how can the program make the old login invalid?
So it is still recommended to use cookies to verify the user's identity.
In the cookie Save the user's ID and salt.
When the user registers successfully, or when the password is changed, the salt is regenerated and the user table is updated.

曾经蜡笔没有小新

session is relatively simple, but not reliable enough; if you need more reliability, you can refer to WeChat/QQ, and for more reliable information, refer to online banking login.

曾经蜡笔没有小新

session exists

This is unreliable because the session is stored in the cookie and is the content of the client. In principle, the server should not trust any information from the client and needs to be validated. As for the verification logic, please design it yourself (just judging "yes" and "no" is obviously not enough)

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template