Ask how to improve the performance of login verification
This post was last edited by sky94132003 on 2014-07-25 21:02:14
A recently made system
The login was made with $_cookie.
An identifier ($identifier) and a validator ($token) are automatically generated and saved to
$_cookie["auth"] = $identifier. ":" . $token;
Have to do encryption, do not mention the encryption thing
At the same time
The identifier ($identifier) and the authenticator ($token) are saved to 2 fields of SQL, respectively.
Has a function and is introduced into the confing file.
This will validate every page
function is about the meaning of
List ($identifier, $token) = Explode (': ', $_cookie[' auth ');
Before retrieving the $_cookie set
Identifier ($identifier) and authenticator ($token)
Then compare the database with the two values are identical
If it is correct, it will work as usual, and if not equal, empty it.
Setcookie (' auth ', ' deleted! ', Time ()-1);
The above to do so, you can do the effect of automatic login
The effects and validations are normal to use, but the problem is that everyone's website .... Does the difficulty verification feature query the database once per page?
Is there any other way?
Basically think of ... Do you want to do an individual timeout field, empty it periodically, and if it's empty, validate it and pay it back again?
The brain is a bit stuffed, ask for a train of thought.
------Solution--------------------
1. Verify that only pages that need to modify system data data with user data are
2. Enhanced authentication must come from a different data source. It is meaningless and self-deceiving to pass the identifier and the authenticator in the same way.
3. If there is a need for "kicking people", then it needs to be checked at all times. You can use a custom session handler to complete
------Solution--------------------
Direct access to cookies, with the server's key to solve it, do not verify, because if modified, you use the server key is not solved
For example, you store a UID and expiration time, if you can solve it, you directly query the UID information, and stored in the global variable, the solution out of no UID, the description is tampered with, to re-login
------Solution--------------------
Citation:
Thank you first
1. The problem is that there is a load problem when the traffic is large
2. I write so troublesome do not want to use the session, because to do automatic login, should only use cookies it?
1. Load problem I have no practical experience, but the session of the file is a hash, plus the correct index of the user table is a tree, I think the former will be faster, and every page to query, it seems that some too much database connection
2.cookie and session together, the session is responsible for the current login, save a cookie responsible for the next automatic landing chant