zoukankan      html  css  js  c++  java
  • CI system/libraries/Session.php

    system/libraries/Session.php

    CIsession类的实现机制是使用了浏览器的Cookie,如果用户禁用了Cookie,那么Session将无法使用。网上也有说CISession莫名其妙丢失的问题,所以我就直接看看代码里是怎么处理,比无谓的猜测要有意义的多。

    /**
         * Fetch the current session data if it exists
         *
         * @access    public
         * @return    bool
         */
        function sess_read()
        {
            // Fetch the cookie
            $session = $this->CI->input->cookie($this->sess_cookie_name); //通过Cookie获取数据
    
            // No cookie?  Goodbye cruel world!... 
            if ($session === FALSE)
            {
                log_message('debug', 'A session cookie was not found.');
                return FALSE;
            }
    
            // Decrypt the cookie data
            if ($this->sess_encrypt_cookie == TRUE)
            {
                $session = $this->CI->encrypt->decode($session);
            }
            else
            {
           //看这里,即使你在设置里没有使用加密,但是你必须要设一个加密秘钥,因为CI要保证从客户端Cookie获取的数据是可靠的。
    // encryption was not used, so we need to check the md5 hash $hash = substr($session, strlen($session)-32); // get last 32 chars //得到Hash数值 $session = substr($session, 0, strlen($session)-32); //真正的Session内容 // Does the md5 hash match? This is to prevent manipulation of session data in userspace
           //使用配置文件中给Session加密的秘钥和Session的内容,对Session进行MD5操作,并与上面得到的散列值做对比
    if ($hash !== md5($session.$this->encryption_key)) { log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.'); $this->sess_destroy(); return FALSE; } } // Unserialize the session array $session = $this->_unserialize($session); // Is the session data we unserialized an array with the correct format? if ( ! is_array($session) OR ! isset($session['session_id']) OR ! isset($session['ip_address']) OR ! isset($session['user_agent']) OR ! isset($session['last_activity'])) { $this->sess_destroy(); return FALSE; } // Is the session current? if (($session['last_activity'] + $this->sess_expiration) < $this->now) { $this->sess_destroy(); return FALSE; } // Does the IP Match? IP地址匹配没什么好说的 if ($this->sess_match_ip == TRUE AND $session['ip_address'] != $this->CI->input->ip_address()) { $this->sess_destroy(); return FALSE; } // Does the User Agent Match? 浏览器 user_agent 匹配,这里有个细节要注意下,这里只匹配从客户端获取的120个字符的数据。 if ($this->sess_match_useragent == TRUE AND trim($session['user_agent']) != trim(substr($this->CI->input->user_agent(), 0, 120))) { $this->sess_destroy(); return FALSE; } // Is there a corresponding session in the DB? 如果你的CI Session配置了使用数据库,那么会到数据库查询该记录。 if ($this->sess_use_database === TRUE) { $this->CI->db->where('session_id', $session['session_id']); if ($this->sess_match_ip == TRUE) { $this->CI->db->where('ip_address', $session['ip_address']); } if ($this->sess_match_useragent == TRUE) { $this->CI->db->where('user_agent', $session['user_agent']); } $query = $this->CI->db->get($this->sess_table_name); // No result? Kill it! if ($query->num_rows() == 0) { $this->sess_destroy(); return FALSE; } // Is there custom data? If so, add it to the main session array $row = $query->row(); if (isset($row->user_data) AND $row->user_data != '') { $custom_data = $this->_unserialize($row->user_data); if (is_array($custom_data)) { foreach ($custom_data as $key => $val) { $session[$key] = $val; } } } } // Session is valid! $this->userdata = $session; unset($session); return TRUE; }
  • 相关阅读:
    Sql中CHARINDEX用法
    Ubuntu 18.04 配置ibus中文拼音输入法(超简单)
    win10使用教程(电脑windows系统基础使用教程快速入门手册图文详解)
    angularjs中$scope是什么意思
    angularjs中$scope是什么意思?
    005列表标签
    Evanyou Blog 彩带
    Evanyou Blog 彩带
    Evanyou Blog 彩带
    Evanyou Blog 彩带
  • 原文地址:https://www.cnblogs.com/bruceleeliya/p/2796667.html
Copyright © 2011-2022 走看看