Original poster | Posted on 2011-11-1 22:13:17
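Folks, sorry: after later testing I found that this method has some hard-to-describe problems, especially if CI's native session class is still enabled. For example, it can cause two cookies to be generated, or the wrong cookie to be loaded, which leads to read errors. In short, the solution I proposed is not suitable. So I went back to using CI's native session class, but made some modifications to it.
In the native session class, I changed the sess_update() function so that the session_id no longer changes: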
PHP code:

function sess_update ()
{
    // We only update the session every five minutes by default
    if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
    {
        return;
    }

    // Prevent the session_id from changing
    /*
    // Save the old session id so we know which record to
    // update in the database if we need it
    $old_sessid = $this->userdata['session_id'];
    $new_sessid = '';
    while (strlen($new_sessid) < 32)
    {
        $new_sessid .= mt_rand(0, mt_getrandmax());
    }

    // To make the session ID even more secure we'll combine it with the user's IP
    $new_sessid .= $this->CI->input->ip_address();

    // Turn it into a hash
    $new_sessid = md5(uniqid($new_sessid, TRUE));

    // Update the session data in the session data array
    $this->userdata['session_id'] = $new_sessid;
    */
    $this->userdata['last_activity'] = $this->now;

    // _set_cookie() will handle this for us if we aren't using database sessions
    // by pushing all userdata to the cookie.
    $cookie_data = NULL;

    // Update the session ID and last_activity field in the DB if needed
    if ($this->sess_use_database === TRUE)
    {
        // set cookie explicitly to only have our session data
        $cookie_data = array();
        foreach (array('session_id','ip_address','user_agent','last_activity') as $val)
        {
            $cookie_data[$val] = $this->userdata[$val];
        }

        $this->CI->db->query($this->CI->db->update_string($this->sess_table_name, array('last_activity' => $this->now), array('session_id' => $this->userdata['session_id'])));
    }

    // Write the cookie
    $this->_set_cookie ($cookie_data);
}
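Although this lowers security, it at least guarantees that session_id can be used to determine whether a user is logged in.
However, during local testing I still sometimes lose the login state. Debugging……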
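An added example, not part of the original post and not CodeIgniter's own code: it keeps the login state in the session row (a `user_id` field) rather than in the ID value, so the ID can keep rotating as the commented-out block did without losing the logged-in check. The class `RotatingSessionStore`, its methods, and the in-memory array standing in for the sessions table are all hypothetical; it assumes PHP 7.1 or later for `random_bytes()` and nullable return types.

```php
<?php
// Added example: hypothetical in-memory stand-in for the CI sessions table.
final class RotatingSessionStore
{
    /** @var array rows keyed by session_id */
    private $rows = array();

    private function newId(): string
    {
        // CSPRNG-based ID instead of mt_rand() + md5(uniqid())
        return bin2hex(random_bytes(16));
    }

    public function create(string $ip): string
    {
        $id = $this->newId();
        $this->rows[$id] = array('ip_address' => $ip, 'last_activity' => time(), 'user_id' => null);
        return $id;
    }

    // Move the row to a new ID; the old ID stops resolving immediately.
    public function rotate(string $oldId): string
    {
        if (!isset($this->rows[$oldId])) {
            throw new RuntimeException('unknown session');
        }
        $newId = $this->newId();
        $this->rows[$newId] = $this->rows[$oldId];
        $this->rows[$newId]['last_activity'] = time();
        unset($this->rows[$oldId]);
        return $newId;
    }

    // Login state lives in the row; the ID is rotated at the privilege change.
    public function login(string $id, int $userId): string
    {
        $newId = $this->rotate($id); // throws if the session is unknown
        $this->rows[$newId]['user_id'] = $userId;
        return $newId;
    }

    public function userId(string $id): ?int
    {
        return isset($this->rows[$id]) ? $this->rows[$id]['user_id'] : null;
    }
}

$store = new RotatingSessionStore();
$anon  = $store->create('203.0.113.7');  // constructed sample IP
$auth  = $store->login($anon, 42);       // constructed sample user id
$next  = $store->rotate($auth);          // periodic sess_update()-style rotation
var_dump($store->userId($anon), $store->userId($auth), $store->userId($next));
```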