CURL Session Management

Posted on 2024-11-28 16:48:47

I am building an application that is built upon an API that requires Basic Authentication. I have made many calls and wrapped up the CURL requests inside a class that I've made.

I'm using a cookie jar that I use like this:

curl_setopt($curl_handle, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($curl_handle, CURLOPT_COOKIEFILE, "cookie.txt");

I am trying to keep sessions by using cookie.txt to store the cookies and it's been working great. However, today I came across an alarming discovery. When someone else (on a different computer) goes to my app, they can see my session information (probably because it's using the same file as reference for the session). I have thought that perhaps I could generate a new "cookie jar" for each visitor, but this will probably not work when it goes to production. The quantity of users is going to be in the thousands at least, so I think this means that I would need a cookie file for each visit, right?

This doesn't seem practical and not to mention that I would have to create the cookie file programmatically. Has anybody else come across this issue before? Any suggestions would be a real help.

Perhaps there's a CURL setopt solution that would uniquely distribute the cookies amongst visits?

Thanks!

Comments (1)

乖乖公主 2024-12-05 16:48:47

If you can expose the cookie to the user: if you turn on curl_setopt($curl_handle, CURLOPT_HEADER, 1), the headers returned by the curl exec will be present at the top of the content. You could match these out of the top of the content and pass them to the client's browser for retention, then pass any user cookies back through the curl process for the next request.

Something crude I made a while ago:

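  // Collect the browser's cookies so they can be replayed on the curl request
  $cookies = array();
  if(is_array($_COOKIE))
  {
    foreach($_COOKIE as $cookiename => $cookievalue)
    {
      if($cookievalue)
      {
        // get_magic_quotes_gpc() was removed in PHP 8; only call it where it still exists
        if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        {
          $cookievalue = stripslashes($cookievalue);
        }
        $cookies[] = $cookiename .'='. urlencode($cookievalue);
      }
    }
    // Only set the Cookie header when there is something to send
    if(!empty($cookies))
    {
      curl_setopt($curl_handle, CURLOPT_COOKIE,implode('; ',$cookies));
    }
  }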

After the curl exec:

  // Assumes CURLOPT_HEADER and CURLOPT_RETURNTRANSFER are set, so $curl_result holds headers then body
  preg_match_all('%HTTP/\\d\\.\\d.*?(\\r\\n|\\n){2,}%si', $curl_result, $header_matches);
  // split() was removed in PHP 7; explode() does the same for a literal delimiter
  $headers = explode("\r\n", str_replace("\r\n\r\n",'',array_pop($header_matches[0])));
  if(is_array($headers))
  {
    foreach ($headers as $header)
    {
      preg_match('#(.*?)\:\s(.*)#', $header, $header_matches);
      if(isset($header_matches[1]))
      {
        $headers[$header_matches[1]] = $header_matches[2];
        // SET THE COOKIE (header names are case-insensitive)
        if(strcasecmp($header_matches[1], 'Set-Cookie') == 0)
        {
          header('Set-Cookie: ' . $header_matches[2],false);
        }
      }
    }
  }
  # Remove the headers from the response body
  $curl_result = preg_replace('%HTTP/\\d\\.\\d.*?(\\r\\n|\\n){2,}%si','',$curl_result);
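
An added example, not code from the original post or from either participant: instead of a shared cookie.txt or relaying upstream cookies to the browser, it keeps each visitor's upstream cookies in that visitor's own PHP session and captures them with CURLOPT_HEADERFUNCTION. The function names, the `upstream_cookies` session key and the URL are assumptions, and cookie attributes (Path, Domain, expiry) are ignored, which assumes a single upstream host.

```php
<?php
// Added example: parse_set_cookie(), upstream_request(), the 'upstream_cookies'
// key and the URL below are hypothetical names, not from the original post.
session_start(); // each visitor gets an isolated server-side store

function parse_set_cookie(string $header_line): ?array
{
    // Accept "Set-Cookie: name=value; Path=/; HttpOnly" in any header-name case
    if (!preg_match('/^Set-Cookie:\s*([^=;\s]+)=([^;\r\n]*)/i', $header_line, $m)) {
        return null;
    }
    return [$m[1], $m[2]];
}

function upstream_request(string $url, array &$jar)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    // Replay only this visitor's upstream cookies, never the browser's own
    if ($jar) {
        $pairs = [];
        foreach ($jar as $name => $value) {
            $pairs[] = $name . '=' . $value;
        }
        curl_setopt($ch, CURLOPT_COOKIE, implode('; ', $pairs));
    }

    // Collect Set-Cookie headers as curl receives them; the body stays header-free
    curl_setopt($ch, CURLOPT_HEADERFUNCTION, function ($ch, $line) use (&$jar) {
        $cookie = parse_set_cookie($line);
        if ($cookie !== null) {
            $jar[$cookie[0]] = $cookie[1];
        }
        return strlen($line); // curl requires the number of bytes handled
    });

    return curl_exec($ch); // response body, or false on failure
}

// Placeholder URL; the jar lives in this visitor's session, not in a shared file
$_SESSION['upstream_cookies'] ??= [];
$body = upstream_request('https://api.example.test/resource', $_SESSION['upstream_cookies']);
```

Because the upstream cookies never reach the browser, the application's own session cookie is the only thing tying a visitor to their jar, and nothing from `$_COOKIE` is forwarded to the API.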