2
我讀了關於將codeigniter會話存儲到數據庫中的信息。當我聽到笨會話保存到餅乾,因爲我的網站使用的會話進行身份驗證並設置權限,我很擔心,所以我設計的代碼檢查Cookie的工作:是codeigniter會話安全嗎?
<?php if (! defined('BASEPATH')) exit('No direct script access allowed');
class sess extends CI_Controller
{
public function loadsession()
{
$this->session->set_userdata('username','administrator');
$this->session->set_userdata('password','abcdef123456');
}
}
/* End of file sess.php */
/* Location: ./application/controllers/sess.php */
這是結果的cookie(ci_session ):
a%3A7%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2298867177e69b4d33059c7517782bdfc9%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22192.168.1.100%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A120%3A%22Mozilla%2F5.0+%28iPhone%3B+U%3B+CPU+iPhone+OS+3_0+like+Mac+OS+X%3B+en-us%29+AppleWebKit%2F528.18+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobil%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1373188924%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A8%3A%22username%22%3Bs%3A13%3A%22administrator%22%3Bs%3A8%3A%22password%22%3Bs%3A12%3A%22abcdef123456%22%3B%7D3ef00c243e040389e98ab204933d4c8c
包含原始數據:
用戶名%22%3BS%3A13%3A%22 管理員%22%3BS%3A8%3A%22password%22%3BS%3A12%3A% 22 abcdef123456%22%3B%7D3ef00c243e040389e98ab204933d4c8c
我不知道如何改變cookie在Firefox中,但如果我這樣做,它會欺騙服務器?如何防止呢?在數據庫中保存會話是否可以保護我免受此類欺詐?