请问怎么提高登录验证的效能
请教如何提高登录验证的效能
登录是用$_COOKIE做的
会自动生成一个识别符($identifier)和验证符($token),保存到
<br />$_COOKIE["auth"] = $identifier . ":" . $token ;<br />有做加密,在此先不提加密的事<br />
同时把
识别符($identifier)和验证符($token) 分别保存到SQL的2个栏位
做了个function,并且在confing文件中引入运作
这样就每一页都会验证
function 大约是意思是
list($identifier, $token) = explode(':', $_COOKIE['auth']);
取回$_COOKIE之前设定的
识别符($identifier)和验证符($token)
然后对比数据库 这两个值是否一模一样
如果是正确,那就照常运作,如果不相等,就清空
setcookie('auth', 'DELETED!', time()-1);
以上这样做,就可以做到自动登录的效果了
效果和验证是可以正常使用,但问题是,大家的网站....难度验证功能都是每一页都要查询一次数据库的吗?
有没有什么别的方法?
基本上想到...是否做个别的timeout字段,定时清空,如果空了,才进行验证,又重新付值一次?
脑筋有点塞了,求个思路。
------解决方案--------------------
1、验证只发生在需要以用户数据修改系统数据数据的页面
2、增强的验证必须来自不同的数据源。将 识别符和验证符 用同一种方式传递,是没有意义的,自欺欺人的。
3、如有“踢人”的需求,那么就需要时刻检查了。可使用自定义的 session 处理程序来完成
------解决方案--------------------
直接获取cookie,用服务器的key解出来就可以了,不用验证,因为若是被修改,你用服务器的key是解不出来的
比如你就存放个uid和过期时间,要是能解出来,你就直接查询那个uid的信息,并存放到全局变量里面,解出来没有uid,说明就是被篡改了,要重新登录
------解决方案--------------------
1.负载问题我没有实际经验,但session的文件是hash,加了正确索引的用户表是树,我想前者会快一些,而且每个页面都要查询,似乎有些太占数据库连接了
2.cookie和session配合着来,session负责当前登陆,存个cookie负责下次自动登陆呗
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
10 Ways to Adjust Brightness on Windows 11
Dec 18, 2023 pm 02:21 PM
Screen brightness is an integral part of using modern computing devices, especially when you look at the screen for long periods of time. It helps you reduce eye strain, improve legibility, and view content easily and efficiently. However, depending on your settings, it can sometimes be difficult to manage brightness, especially on Windows 11 with the new UI changes. If you're having trouble adjusting brightness, here are all the ways to manage brightness on Windows 11. How to Change Brightness on Windows 11 [10 Ways Explained] Single monitor users can use the following methods to adjust brightness on Windows 11. This includes desktop systems using a single monitor as well as laptops. let's start. Method 1: Use the Action Center The Action Center is accessible
How to turn off private browsing authentication for iPhone in Safari?
Nov 29, 2023 pm 11:21 PM
In iOS 17, Apple introduced several new privacy and security features to its mobile operating system, one of which is the ability to require two-step authentication for private browsing tabs in Safari. Here's how it works and how to turn it off. On an iPhone or iPad running iOS 17 or iPadOS 17, Apple's browser now requires Face ID/Touch ID authentication or a passcode if you have any Private Browsing tab open in Safari and then exit the session or app to access them again. In other words, if someone gets their hands on your iPhone or iPad while it's unlocked, they still won't be able to view your privacy without knowing your passcode
Win10/11 digital activation script MAS version 2.2 re-supports digital activation
Oct 16, 2023 am 08:13 AM
The famous activation script MAS2.2 version supports digital activation again. The method originated from @asdcorp and the team. The MAS author calls it HWID2. Download gatherosstate.exe (not original, modified) from https://github.com/massgravel/Microsoft-Activation-Scripts, run it with parameters, and generate GenuineTicket.xml. First take a look at the original method: gatherosstate.exePfn=xxxxxxx;DownlevelGenuineState=1 and then compare with the latest method: gatheros
Where are cookies stored?
Dec 20, 2023 pm 03:07 PM
Cookies are usually stored in the cookie folder of the browser. Cookie files in the browser are usually stored in binary or SQLite format. If you open the cookie file directly, you may see some garbled or unreadable content, so it is best to use Use the cookie management interface provided by your browser to view and manage cookies.
Where are the cookies on your computer?
Dec 22, 2023 pm 03:46 PM
Cookies on your computer are stored in specific locations on your browser, depending on the browser and operating system used: 1. Google Chrome, stored in C:\Users\YourUsername\AppData\Local\Google\Chrome\User Data\Default \Cookies etc.
How to solve session failure
Oct 18, 2023 pm 05:19 PM
Session failure is usually caused by the session lifetime expiration or server shutdown. The solutions: 1. Extend the lifetime of the session; 2. Use persistent storage; 3. Use cookies; 4. Update the session asynchronously; 5. Use session management middleware.
Solution to PHP Session cross-domain problem
Oct 12, 2023 pm 03:00 PM
Solution to the cross-domain problem of PHPSession In the development of front-end and back-end separation, cross-domain requests have become the norm. When dealing with cross-domain issues, we usually involve the use and management of sessions. However, due to browser origin policy restrictions, sessions cannot be shared by default across domains. In order to solve this problem, we need to use some techniques and methods to achieve cross-domain sharing of sessions. 1. The most common use of cookies to share sessions across domains
Where are the mobile cookies?
Dec 22, 2023 pm 03:40 PM
Cookies on the mobile phone are stored in the browser application of the mobile device: 1. On iOS devices, Cookies are stored in Settings -> Safari -> Advanced -> Website Data of the Safari browser; 2. On Android devices, Cookies Stored in Settings -> Site settings -> Cookies of Chrome browser, etc.
