Problem description:

I use dynamically changing cookies in order to keep the user logged in. To illustrate, after a successful login, the login control function saves the user session info into the rememberme table and creates cookies with this info. The data kept on the server are user_id, key and expiration_date. If a user with a valid cookie (namely, the user_id, key and expire time within the cookies match the data stored in the rememberme table) tries to access a user-only accessible page, the server creates a new cookie with a different key and a default-period expiration time, and updates this info inside the rememberme table. The cycle goes on this way. So, the user with a valid cookie stays logged in and extends his session expiration time with every request to the page.

My question is, how efficient is it to implement such a session management style? Does this create a burden for the server and database?

FYI, I use PHP/MySQL on an Amazon EC2 micro Windows server for the development.
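The rotating remember-me cookie described in the question, as an added example that is not part of the original post. The table and column names follow the question; the `userId:key` cookie format, the 14-day period, storing only a SHA-256 hash of the key, one row per user, and the function names `issueToken` and `rotateToken` are assumptions, and in-memory SQLite stands in for MySQL so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. Assumed default period: 14 days.
const REMEMBER_TTL = 1209600;

// In-memory SQLite stands in for MySQL; one row per user is an assumption.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE rememberme (
    user_id INTEGER PRIMARY KEY,
    key_hash TEXT NOT NULL,
    expiration_date INTEGER NOT NULL)');

// Create a fresh random key, store only its hash, return the cookie value.
function issueToken(PDO $db, int $userId, int $now): string
{
    $key = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'REPLACE INTO rememberme (user_id, key_hash, expiration_date) VALUES (?, ?, ?)');
    $stmt->execute([$userId, hash('sha256', $key), $now + REMEMBER_TTL]);
    return $userId . ':' . $key;
}

// Validate the presented cookie. On success the key is rotated and the new
// cookie value is returned; on any failure the result is null.
function rotateToken(PDO $db, string $cookie, int $now): ?string
{
    if (!preg_match('/\A(\d{1,10}):([0-9a-f]{64})\z/', $cookie, $m)) {
        return null; // malformed cookie never reaches the database
    }
    $stmt = $db->prepare(
        'SELECT key_hash, expiration_date FROM rememberme WHERE user_id = ?');
    $stmt->execute([(int) $m[1]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false
        || (int) $row['expiration_date'] < $now
        || !hash_equals($row['key_hash'], hash('sha256', $m[2]))) { // constant-time compare
        return null;
    }
    return issueToken($db, (int) $m[1], $now);
}

// Constructed walk-through: user id 42 and the time offsets are sample values.
$now = time();
$first = issueToken($db, 42, $now);
$second = rotateToken($db, $first, $now + 60);                       // valid cookie
var_dump($second !== null && $second !== $first);
var_dump(rotateToken($db, $first, $now + 120));                      // old key presented again
var_dump(rotateToken($db, $second, $now + 60 + REMEMBER_TTL + 1));   // past expiration_date
```

Each request that presents a valid cookie costs one primary-key lookup and one single-row write in this sketch. The value returned by `rotateToken` would be sent back with `setcookie()`, with the `secure` and `httponly` options set.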

User answer:

Why not use PHP sessions? They are designed for tasks just like this.

http://php.net/manual/en/book.session.php

User answer:

Using custom sessions, I've found, is much, much better than using PHP sessions. Using PHP sessions has caused random problems for me in the past, especially if you're working with any third-party programs. But, just in general, I love to have more control over my session handling by dealing with my own sessions. I also revalidate sessions by updating the session ID and comparing the user agent and IP address to help ensure the session wasn't hijacked, so these are definitely beneficial in comparison to any overhead they create, which isn't much.

Just work on carefully testing your session handler for random user situations, to minimize bugs. Also, be sure to sanitize the information coming from the user's $_SERVER variables, because those can be manipulated. Another good practice is to handle errors for any situation you can think of in your session handler to help prevent hijacks (as much as possible), and to know immediately when and where a problem occurs (something you're not afforded in PHP sessions). Main advice: it's important, so make sure you do it right.
