感觉CI会话不爽,重写了会话函数
原CI的会话总是莫名其妙的改变会话ID,而我又懒得翻他的session类,也不喜欢像are333那样写一个类,所以我在helper目录下新建了一个mysession_helper.php<?php
/**
* author:jeffstric
* E-mail:jeffstricg@gmail.com
* blog:jeffsc.info
* */
if(!function_exists('start_mys')){
function start_mys($input=null){
$CI = &get_instance();
$CI->load->library('Encrypt');
@session_start();
if($input!=null){
if(is_array($input))
foreach($input as $key=>$value){
$_SESSION[$key]=$CI->encrypt->encode($value);
}
else
$_SESSION['value']=$CI->encrypt->encode($input);
}
$key=$CI->config->item('encryption_key');
//密码中除了session_id外还包含了用户浏览器信息和你的config中的密码,可以确保会话安全
return md5(session_id().$key.$_SERVER['HTTP_USER_AGENT']);
}
}
if(!function_exists('get_mys')){
function get_mys($input=null){
$CI = &get_instance();
$CI->load->library('Encrypt');
@session_start();
if($input!=null){
if(is_array($input)){
$result = array();
foreach($input as $value){
array_push($result,$CI->encrypt->decode($_SESSION[$value]));
}
return $result;
}
else
return $CI->encrypt->decode($_SESSION[$input]);
}
}
}
?>
使用起来也很简单
在控制器里添加
$this->load->helper('mysession');
var_dump(start_mys(array('a'=>'b','jeff'=>'qqq')));
即可存储,而添加
$this->load->helper('mysession');
var_dump(get_mys(array('a','jeff')));
没什么含量,只是为了帮助你们节省点时间
忘记加
setcookie(ini_get('session.name'),session_id(),time() + 3600);
:lol
{:soso_e102:} 留个名 亲们,不好意思,我后来经过测试发现该方法有些难以名状的问题,特别是如果依然启用CI原生的session类的话,比如会导致生成两个cookie,或者是载入了错误的cookie导致读取错误:L,总而言之,我提出的方案是不合适的。所以我又退回到了使用CI原生的session类中,但对原生类中做了一些修改
将原生session中的sess_update()函数禁止session_id变化
function sess_update()
{
// We only update the session every five minutes by default
if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
{
return;
}
//禁止session_id变化
/*
// Save the old session id so we know which record to
// update in the database if we need it
$old_sessid = $this->userdata['session_id'];
$new_sessid = '';
while (strlen($new_sessid) < 32)
{
$new_sessid .= mt_rand(0, mt_getrandmax());
}
// To make the session ID even more secure we'll combine it with the user's IP
$new_sessid .= $this->CI->input->ip_address();
// Turn it into a hash
$new_sessid = md5(uniqid($new_sessid, TRUE));
// Update the session data in the session data array
$this->userdata['session_id'] = $new_sessid;
*/
$this->userdata['last_activity'] = $this->now;
// _set_cookie() will handle this for us if we aren't using database sessions
// by pushing all userdata to the cookie.
$cookie_data = NULL;
// Update the session ID and last_activity field in the DB if needed
if ($this->sess_use_database === TRUE)
{
// set cookie explicitly to only have our session data
$cookie_data = array();
foreach (array('session_id','ip_address','user_agent','last_activity') as $val)
{
$cookie_data[$val] = $this->userdata[$val];
}
$this->CI->db->query($this->CI->db->update_string($this->sess_table_name, array('last_activity' => $this->now), array('session_id' => $this->userdata['session_id'])));
}
// Write the cookie
$this->_set_cookie($cookie_data);
}
虽然降低了安全性,但至少可以保证通过session_id来判断是否为登陆用户:lol
不过,在本地测试时依然出现一些丢失登陆状态的情况,DEBUGing…… 楼主很强呢,看了这么长的代码我都头晕了 留名 支持.........................
页:
[1]