How to implement session sharing and login verification in PHP_PHP Tutorial

This article introduces in detail the common background management login of session and the method of using session ID to realize user shared login between multiple servers. Friends who need to know more can check out the full article.

Let’s first talk about using session to log in

The code of login page 05.php is as follows:

 代码如下

复制代码

if (isset ($_SESSION['shili'])){
header ("Location:shili.php") ;     //重新定向到其他页面
exit ; }  ?>

管理系统登录
管理员:
密码:
;

This program is an administrator login interface. It first initializes the session, and then detects whether the user has logged in by detecting whether the session variable has been registered. If so, there is no need to log in again and is directed to other pages. JavaScript is also used here to determine whether the username and password have been entered.
Verify login page

The code of

06.php is as follows:

The code is as follows	Copy code
代码如下	复制代码
if (isset ($_SESSION['shili'])){ header ("Location:shili.php") ;    //重新定向到其他页面 exit ; }                       //登录过的话立即结束 $shili_name=$_POST['username'] ;    //获取参数 $password=$_POST['password'] ; //验证管理员名称和密码是否正确,这里采用直接验证,没有连接数据库 if ($shili_name=="mr" and $password=="mrsoft"){ session_register ("shili") ;        //注册新的变量,保存当前会话的昵称 $shili = $shili_name ; echo "登录成功!" ; header ("Location:shili.php") ;    //登录成功重定向到管理页面 }else{ echo " " ; echo "账号或密码错误,或者不是管理员账号 " ; echo "登录失败! 请重新输入"; echo " " ; }   ?>

if (isset ($_SESSION['shili'])){

header ("Location:shili.php") ; //Redirect to other pages
exit ; }                                                                                                                                  out out out of                                      $shili_name=$_POST['username'] ; //Get parameters
$password=$_POST['password'] ;

//Verify whether the administrator name and password are correct. Direct verification is used here without connecting to the database

代码如下	复制代码
if (!isset ($_SESSION['shili'])){ echo " " ; echo "" ; echo "你没有登录,请登录!" ; echo " " ; exit () ;  }  ?>

if ($shili_name=="mr" and $password=="mrsoft"){ session_register ("shili") ; //Register new variables and save the nickname of the current session $shili = $shili_name ; echo "Login successful!" ; header ("Location:shili.php") ; //Redirect to management page after successful login }else{ echo "

" ; echo "The account or password is wrong, or it is not an administrator account
" ; echo "Login failed!
Please re-enter "; echo "

" ; } ?> The program also first detects whether the user has logged in through the session variable. If not, the entered user name and password must be verified. If correct, the session variable is registered and the login success is output! . If it is incorrect, it will prompt login failure. This is a simple user login verification program that blocks users who browse directly without logging in through session variables. If you want to restrict users from browsing a certain page, you can use the same method, just put the following code at the beginning of the page:

The code is as follows	Copy code
if (!isset ($_SESSION['shili'])){ echo " " ; echo "" ; echo "You are not logged in, pleaseLog in!" ; echo " " ; exit () ; } ?>

Use session_id to achieve shared login

First of all, there is the problem of multi-server sharing sessions. Everyone should be able to understand this. When the number of users of a website is too large, a server cluster will be used, such as a dedicated server for login. After the user logs in through the login server, the login server saves the user's login information session, and other accessed servers, such as the movie server, do not have this session, then we have to share this session through a unique identifier of the session - the specific session The sharing is beyond the scope of this article, please check the information yourself.

The second purpose is to verify different sessions of the same user, which is more difficult to understand. Let's put it this way, when a user does not request a connection through a browser, but requests data through a socket or other methods, we must first perform user login verification on him. After the verification is successful, we will issue a sessionid to him, and then He carries this sessionid every time he makes a request. We use this sessionid to determine whether the session already exists. If it exists, we assume that the user has logged in...

For the first question, we can save the sessionid in the database to achieve this. This method is relatively safe and widely used, but it is not the scope of our discussion

First generate a sessionid during verification;

//Delivery session to client .........

The code is as follows

代码如下	复制代码
Session_start(); $sessionId = session_id();//得到sessionid //将session下发给客户端 ......... ?>

Copy code

代码如下	复制代码
Session_id(‘$sessionid');//注意这个时候session_id()这个函数是带有参数的 Session_start();//这个函数必须在session_id()之后 ?>

Session_start(); $sessionId = session_id();//Get sessionid

?>

The client carries the sessionid variable to request data

The code is as follows

Copy code

Session_id(‘$sessionid’);//Note that the session_id() function has parameters at this time Session_start();//This function must be after session_id() ?> Okay, the problem has been solved very well. Friends who need to know more can refer to it. http://www.bkjia.com/PHPjc/632211.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/632211.htmlTechArticleThis article introduces in detail the common background management login of session and the use of session id to realize users between multiple servers. Share the login method, friends who need to know can check it out...