Home Sign Up Sign In
 weicode's recent timeline updates
weicode

weicode

V2EX member #34929, joined on 2013-02-26 21:43:50 +08:00
weicode's recent replies
Feb 26, 2013
Replied to a topic by feikeq PHP 请问一下大家平常都是怎么验证用户登录的?
将用户UID加密后后存入COOKIE,也就是所谓的token值。根据token解密后的UID获取用户信息,进而判断是否登录。现在有加密解密支持过期时间,比如DISCUZ加密解密函数。定期更换密钥KEY。
这样做的弊端若用户修改密码此token还是有效的。避免XSS漏洞,可将此COOKIE设置成HTTPONLY COOKIE。
» More replies by weicode
About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   1208 Online   Highest 6679   ·     Select Language
创意工作者们的社区
World is powered by solitude
VERSION: 3.9.8.5 · 13ms · UTC 17:44 · PVG 01:44 · LAX 10:44 · JFK 13:44
♥ Do have faith in what you're doing.