Home > Tutorials > PHP Tutorials

How can I improve the performance of login verification?

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Ask how to improve the performance of login verification
This post was last edited by sky94132003 on 2014-07-25 21:02:14

A recently made system

The login was made with $_cookie.

An identifier ($identifier) and a validator ($token) are automatically generated and saved to 

$_cookie["auth"] = $identifier. ":" . $token;
Have to do encryption, do not mention the encryption thing


At the same time
The identifier ($identifier) and the authenticator ($token) are saved to 2 fields of SQL, respectively.

Has a function and is introduced into the confing file.

This will validate every page

function is about the meaning of

List ($identifier, $token) = Explode (': ', $_cookie[' auth ');
Before retrieving the $_cookie set
Identifier ($identifier) and authenticator ($token)

Then compare the database with the two values are identical

If it is correct, it will work as usual, and if not equal, empty it.
Setcookie (' auth ', ' deleted! ', Time ()-1);


The above to do so, you can do the effect of automatic login

The effects and validations are normal to use, but the problem is that everyone's website .... Does the difficulty verification feature query the database once per page?

Is there any other way?

Basically think of ... Do you want to do an individual timeout field, empty it periodically, and if it's empty, validate it and pay it back again?


The brain is a bit stuffed, ask for a train of thought.
------Solution--------------------
1. Verify that only pages that need to modify system data data with user data are
2. Enhanced authentication must come from a different data source. It is meaningless and self-deceiving to pass the identifier and the authenticator in the same way.
3. If there is a need for "kicking people", then it needs to be checked at all times. You can use a custom session handler to complete
------Solution--------------------
Direct access to cookies, with the server's key to solve it, do not verify, because if modified, you use the server key is not solved

For example, you store a UID and expiration time, if you can solve it, you directly query the UID information, and stored in the global variable, the solution out of no UID, the description is tampered with, to re-login
------Solution--------------------
Citation:
Thank you first
1. The problem is that there is a load problem when the traffic is large
2. I write so troublesome do not want to use the session, because to do automatic login, should only use cookies it?


1. Load problem I have no practical experience, but the session of the file is a hash, plus the correct index of the user table is a tree, I think the former will be faster, and every page to query, it seems that some too much database connection
2.cookie and session together, the session is responsible for the current login, save a cookie responsible for the next automatic landing chant

    • This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

    Related Keywords:
    how to improve imac performance how to improve database performance how to improve query performance how to improve sql performance how to improve wordpress performance how indexes improve query performance how to improve sql query performance

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    What's Trending
    Top 10 Tags
    datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
    Top 10 Keywords
    microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    Get Started for Free

    • Sales Support

      1 on 1 presale consultation

      Chat Contact Sales

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

      Open a Ticket

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

      Learn More