我怎样才能使 PHP 会话/cookie 无限期
我正在使用一个登录系统,它设置下面的会话变量/cookie。 Chrome 可以让你轻松查看 cookie,它显然将其标记为 PHPSESSID,“当我关闭浏览器时”就会过期。果然,当我登录、关闭浏览器,然后打开一个新的浏览器会话时,我不再登录。
如何才能使用户无论浏览器是否关闭都保持登录状态?我想让用户保持登录状态(如果可能的话,永久登录),除非故意注销。
$_SESSION['loginid'] = $row['loginid'];
$_SESSION['username'] = $u;
I am using a login system that sets the session variables / cookies below. Chrome, which awesomely lets you look at your cookies without too much trouble, apparently labels this as a PHPSESSID that expire "When I close my browser." Sure enough, when I log in, shut down the browser, and then open up a new browser session, I am no longer logged in.
How could I make it so the user stays logged in whether or not the browser is closed? I would like to make it so the user stays logged in (permanently, if possible) unless a deliberate logout is done.
$_SESSION['loginid'] = $row['loginid'];
$_SESSION['username'] = $u;
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
看看
session_set_cookie_params()...第一个参数是
$lifetime。将其设置为非 0 数字,这就是他们保持登录状态的时间(以秒为单位)。如果为0,浏览器关闭后就会被删除。请注意,您需要自己存储会话数据,或者还设置ini_set("session.gc_maxlifetime", $Lifetime);(以防止服务器删除旧会话)。但请注意,这可能会占用大量磁盘空间(并且开放拒绝服务攻击,攻击者通过不断生成新会话来占用您的所有磁盘空间)...1 年 ~= 3156000(秒)
我诚实地建议实现“记住我”功能,而不是尝试无限期地保留会话...“记住我”也会使用 cookie,但它不会占用非活动用户的服务器空间...
Take a look at
session_set_cookie_params()...The first parameter is
$lifetime. Set that to a non-0 number, and that's how long they will stay logged in for in seconds. If it's 0, it'll be deleted once the browser closes. Note that you'll need to either store the session data yourself, or setini_set("session.gc_maxlifetime", $Lifetime);as well (to prevent the server from deleting old sessions). But beware that this could eat up a LOT of disk space (And open Denial Of Service attacks where attackers eat up all your disk space by just spawning new sessions continuously)...1 year ~= 3156000 (seconds)
I'd honestly suggest implementing a "remember me" function rather than trying to persist the session indefinitely... The remember me would use a cookie as well, but it wouldn't tie up server space for non-active users...
您只需在会话 cookie 上设置一个将来的到期日期即可。
You just need to set an expiration date in the future on the session cookie.
您可以使用
session_set_cookie_params< /a> 设置 PHPSESSID cookie 相关设置。因此,您只需将值 60 替换为任意高的第二个值即可。
You can use
session_set_cookie_paramsto set the PHPSESSID cookie related settings.So you would just replace the value 60 with some arbitrarily high second value.