Pasting desired URL into address bar destroys session
I get a mail in which I am given a link to an account history page like this:
http://www.mydomain.com/accounthistory.php?order_id=491
Using this I can view the order detail, but when I am logged in to my account and I access the same link copied from the mail I got, I get the page, but I get logged out.
This page is also available in general on my site after login, and the URL is displayed as
http://www.mydomain.com/accounthistory.php?order_id=491&osCsid=v2i9agpobsce2dvlfgi28449j3
Hence, my question is:
If I am logged in to my account and use the link which I got in my mail, i.e.
http://www.mydomain.com/accounthistory.php?order_id=491
what should I do so that I do not get logged out of my account?
After looking at both ways, I found that I need the "osCsid" appended to the URL which I got in my mail. And by debugging I found it to be saved in the session. How can I use it to get this to work?
Comments (1)
If your shop system doesn't use cookies for sessions, carrying the session ID in the URL is in fact the only way to continue the session.
However, putting the session ID into the e-mail is not very elegant. The session ID will become invalid at some point, and it makes the URL long and ugly.
I would consider activating cookie-based authentication for those clients that accept it.
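
One way to set up the cookie-based sessions suggested in the answer above, as an added example that is not part of the original answer or the shop's own code. It assumes plain PHP sessions (PHP 7.3 or later) served over HTTPS; the `customer_id` and `return_order_id` session keys and the `/login.php` path are hypothetical, and `osCsid` is kept as the session name from the question.

```php
<?php
// Added example: hypothetical bootstrap for a page like accounthistory.php.

function start_cookie_session(): void
{
    // Take the session ID from the cookie only, never from ?osCsid=... in the URL,
    // so a link without the parameter continues the existing login.
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    // Stop PHP from rewriting links to append the session ID.
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_name('osCsid');
    session_set_cookie_params([
        'lifetime' => 0,      // cookie lasts until the browser closes
        'path'     => '/',
        'secure'   => true,   // assumption: the shop is served over HTTPS
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',  // still sent when a link in a mail is clicked
    ]);
    session_start();
}

start_cookie_session();

// Validate the parameter before using it anywhere.
$orderId = filter_input(INPUT_GET, 'order_id', FILTER_VALIDATE_INT);
if ($orderId === null || $orderId === false) {
    http_response_code(400);
    exit('Invalid order_id');
}

if (empty($_SESSION['customer_id'])) {          // hypothetical key set at login
    // Not logged in: remember only the validated order number, then go to login.
    $_SESSION['return_order_id'] = $orderId;    // hypothetical key
    header('Location: /login.php', true, 302);  // hypothetical login page
    exit;
}

// Logged in: the mailed link works without osCsid in the URL.
// ... load order $orderId for customer $_SESSION['customer_id'] and render it ...
```

With this in place the link sent by mail can stay in its short form, and the login page can call `session_regenerate_id(true)` after a successful sign-in before redirecting to the remembered order.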