用 PHP 制作一个基于时间的触发器
例如,如果我想设置一个触发器,自当前时间起每小时触发一次,我将如何实现?
我正在使用 PHP 编写后端代码,本质上,如果用户登录,我会给出一个 sessionID,如果每小时没有活动,则会话超时。我认为它需要用 PHP 来实现,对吗?
For example, if I want to set up a trigger that fires every hr passed since the current time, how would I implement that?
I am using PHP to write my backend code, essentially, if a user logged in, I give a sessionID, if there's no activity every hr , then session timeout. I think it needs to be implement in PHP right?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
您使用
cron作业调度程序来运行脚本。对于 Windows,您可以尝试Windows 任务计划程序。它提供了类似的功能。
实际上,您不需要 cron 来执行此操作。
由于您希望在用户处于非活动状态一小时后结束会话,因此您可以这样做吗?
$_SESSION变量。You use the
cronjob scheduler to run your script.For Windows, you can try the Windows Task Scheduler. It provides similar functionality.
Actually, you don't need
cronto do this.Since you want to end the session if the user has been inactive for one hour, how about you do this.
$_SESSIONvariable with the current time.current_time - last_time > 1 hour. If so, end the session and redirect them.您应该使用 cron 脚本而不是 PHP 来执行此操作。让 PHP 脚本运行几个小时通常是不好的做法。
You should do this with cron scripts, not in PHP. Having PHP scripts running for hours is generally bad practice.
这里不需要作业调度。当您为他们提供会话 ID 时,请将会话 ID 存储在数据库的表中。然后对每个请求执行此操作:
本质上:每次用户请求某些内容时,您都可以更新数据库中该会话行中的时间戳字段。如果当前时间-最后更新时间> 1小时,则会话无效,您不应允许访问。
如果您想安排一项作业来删除或以其他方式停用已过期的行,那没问题,但您的会话管理方案不应依赖于此。
也就是说,如果您不必推出自己的会话管理,就不要这样做。它充满了许多容易被忽视的小细节,并可能导致您的网站容易受到攻击。如果您仍然需要自己动手,请查看一些有关会话管理和身份验证的 OWASP 材料:
https ://www.owasp.org/index.php/Session_Management_Cheat_Sheet
No need for job scheduling here. When you give them a session ID, store the session ID in a table in your database. Then do this upon every single request:
Essentially: every time the user requests something, you can update a timestamp field in that session's row in your database. If the current time - last updated time > 1 hour, then the session is invalid and you should not allow the access.
If you wanted to schedule a job to go delete or otherwise deactivate rows that have expired, that's fine, but your session management scheme should not depend on that.
That said, if you don't have to roll your own session management, don't. It's fraught with lots of little details that are easy to overlook, and could result in leaving your site vulnerable. If you still need to roll your own, check out some of the OWASP materials about session management and authentication:
https://www.owasp.org/index.php/Session_Management_Cheat_Sheet
要么设置一个每小时运行的 cron 作业,要么设置代码来追溯计算自上次访问以来需要计算的内容。
如果您能更详细地描述您想要完成的任务,那将会非常有帮助。
either, set up a cron job that runs hourly, or instead set up code that retroactively calculates what needed to be calculated since the previous visit.
it would help emmensly if you were to describe what you are trying to accomplish in more detail.