使用 PHP $_COOKIE 管理会话变量
由于服务器设置,我必须使用 $_COOKIE 而不是 $_SESSION 来管理项目的会话变量。
在我的搜索表单上,我设置了一个初始 cookie,但不清楚这是否有帮助或是否需要?
setcookie('NOSG', 'oHai', time()+7200, '/', 'some.org');
每次加载搜索结果页面时,我都会迭代 cookie 并回溯需要清除的 cookie,然后设置新值,如下所示:
if ($board) {
foreach ($_COOKIE as $k => $v) {
if (preg_match('/boa_/', $k)) {
setcookie($k, '', time()-3600, '/', 'some.org');
}
}
foreach ($people as $p) {
setcookie('boa_'.$p->ID, $p->whatever, time()+7200, '/', 'some.org');
}
}
大多数情况下,这用于在多行
这种方法合理吗?我很少使用 $_COOKIE 来做任何事。
// 编辑 1:12 PM GMT-06:00 所有评论和答案都集中在修复会话上。我认为这是因为有某种原因建议的方法不合理?提出的问题是关于使用 $_COOKIE 来记住表单设置。有人愿意回答为什么我使用的方法适合或不适合该问题吗?
Due to server settings I am having to use $_COOKIE instead of $_SESSION to manage session vars for a project.
On my search form I set an initial cookie but am unclear whether this is helpful or needed?
setcookie('NOSG', 'oHai', time()+7200, '/', 'some.org');
Each time the search results page loads I iterate over the cookies and back date the ones I need to clear and then set the new values like so:
if ($board) {
foreach ($_COOKIE as $k => $v) {
if (preg_match('/boa_/', $k)) {
setcookie($k, '', time()-3600, '/', 'some.org');
}
}
foreach ($people as $p) {
setcookie('boa_'.$p->ID, $p->whatever, time()+7200, '/', 'some.org');
}
}
Mostly this is used for making sticky selections in multi-line <SELECT> inputs.
Is this approach sound? I have rarely used $_COOKIE for anything.
// EDIT 1:12 PM GMT-06:00
All of the comments and answers are focused on fixing sessions. I assume this is because there is some reason the method suggested is NOT sound? The question asked is about using $_COOKIE to remember form settings. Would anyone care to respond as to why the method I am using is or is not appropriate to the problem?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
该错误
是由于主机/系统管理员的错误造成的。他们应该将 /var/lib/php/session 的权限设置为 777,以便所有用户都可以写入。如果他们使用以您的用户身份执行您的 PHP 脚本的东西,则数据仍然是安全的,因为您的用户将拥有会话数据文件,因此其他人无法查看或修改它。
或者,您可以将会话保存路径即时更改为您控制下的目录。
如果您有一个启动会话的通用文件,请在 session_start() 之前添加此文件:
然后创建该文件夹并适当设置权限,以便仅您的用户可读/可写。
The error
Is due to an error on the part of your host/system administrator. They should set the permissions on /var/lib/php/session to 777 so it is writable by all users. If they are using something that executes your PHP script as your user, the data is still safe because your user will own the session data file so no one else can view or modify it.
Alternatively, you can change the session save path on the fly to a directory under your control.
If you were to have a common file that initiated your session, add this before session_start():
Then just created that folder and set the permissions appropriately so it is readable/writable by your user only.
从技术上讲,所有会话都是一个文本文件(好吧,您也可以将数据保存在数据库中),其中包含由 cookie(或地址栏)中保存的值标识的变量。
使用 setcookie()、serialize() 和 file_put_contents() 等写入 Web 树外部的文件夹来重新创建 PHP 中的功能并非不可能……尽管您可能还需要一个 Cron 作业来安排垃圾收集(公平地说,PHP 的本机会话 GC 似乎并不引人注目)。
您只需要创建一个自定义会话处理对象,并在 cookie 中为其设置“会话”id,就像您使用普通会话处理一样 - 只不过您不使用 $_SESSION,而是使用 Session:: get() 和 Session::set() 方法。
如果你保持 API 干净,那么将来如果你设法在服务器上启用会话处理,你只需要调整你的会话处理对象,它不会影响你的程序代码的其余部分 - 它可能是无论如何,抽象出会话处理是个好主意。
Technically all a session is, is a text file (OK, you can hold the data in a database as well) containing variables that's identified by a value held in a cookie (or the address bar).
It wouldn't be impossible to recreate the functionality within PHP using things like setcookie(), serialize() and file_put_contents() writing to a folder outside the web tree ... though you might also need a Cron job to schedule garbage collection (to be fair, PHPs native session GC doesn't seem to be spectacular).
You'd just need to create a custom session handling object and set the "session" id for it in a cookie exactly the same as if you were using normal session handling - except instead of using $_SESSION you'd use you Session::get() and Session::set() methods.
If you keep the API clean then, at a future date if you manage to get session handling enabled on the server, you'd only need to tweak your session handling object and it wouldn't affect the rest of your program code - it's probably a good idea to abstract away then session handling anyway.
没有一个受访者回答我的问题:使用 $_COOKIE 存储会话数据是一种合理的方法吗?
经验告诉了我他们不会告诉我的事情。并非所有浏览器都以相同的方式处理 cookie。例如,Internet Explorer 对每个域的 Cookie 数量有限制: http://support.microsoft.com/kb /941495
所以答案是 - $_SESSION 优于 cookie,因为 PHP 对所有浏览器都以相同的方式处理它。
None of the respondents addressed my question: Is using $_COOKIE to store session data a sound method?
Experience has taught me what they would not. Not all browsers handle cookies in the same way. For instance Internet Explorer has limits per domain on the number of cookies: http://support.microsoft.com/kb/941495
So the answer is- $_SESSION is superior to cookies as it is handled by PHP in the same manner for all browsers.