1. User login state management class Userlogin
<?php
final class Userlogin
{
    public function __construct()
    {
    }

    // Returns the logged-in user object, or null when nobody is logged in.
    // Note: user_id is read from the client-supplied cookie and used as the lookup key.
    public static function getUserInfo()
    {
        if (isset($_COOKIE["user_id"]) && $_COOKIE["user_id"] && (trim($_COOKIE["user_id"]) != "")) {
            if (isset($_SESSION["user_info"]))
                return $_SESSION["user_info"];
            $dao = new Userdao();
            $user = $dao->find($_COOKIE["user_id"]);
            if ($user) {
                $_SESSION["user_info"] = $user;
                // Refresh every cookie for another 36000 seconds
                setcookie("Docloud_sid", session_id(), time() + 36000);
                setcookie("user_id", $_COOKIE["user_id"], time() + 36000);
                if (array_key_exists("selected_prj_id", $_COOKIE))
                    setcookie("selected_prj_id", $_COOKIE["selected_prj_id"], time() + 36000);
                if (array_key_exists("selected_class_id", $_COOKIE))
                    setcookie("selected_class_id", $_COOKIE["selected_class_id"], time() + 36000);
                if (array_key_exists("selected_image_id", $_COOKIE))
                    setcookie("selected_image_id", $_COOKIE["selected_image_id"], time() + 36000);
                if (array_key_exists("Test_image_ids", $_COOKIE))
                    setcookie("Test_image_ids", $_COOKIE["Test_image_ids"], time() + 36000);
                if (array_key_exists("Upload_image_ids", $_COOKIE))
                    setcookie("Upload_image_ids", $_COOKIE["Upload_image_ids"], time() + 36000);
                return $user;
            }
        }
        self::clearCookie();
        return null;
    }

    // Stores the user in the session and sets the login cookies.
    public static function setUserInfo($userInfo)
    {
        $_SESSION["user_info"] = $userInfo;
        setcookie("Docloud_sid", session_id(), time() + 36000);
        setcookie("user_id", $userInfo->getId(), time() + 36000);
    }

    public static function isLogin()
    {
        if (self::getUserInfo()) {
            return true;
        }
        return false;
    }

    // Logs the user out: expires the cookies and destroys the session.
    public static function delUserInfo()
    {
        self::clearCookie();
        session_destroy();
    }

    // Expires every cookie this class sets.
    private static function clearCookie()
    {
        setcookie("Docloud_sid", "", time() - 36000);
        setcookie("user_id", "", time() - 36000);
        setcookie("selected_prj_id", "", time() - 36000);
        setcookie("selected_class_id", "", time() - 36000);
        setcookie("selected_image_id", "", time() - 36000);
        setcookie("Test_image_ids", "", time() - 36000);
        setcookie("Upload_image_ids", "", time() - 36000);
    }
}
?>
2. The user enters a user name and password, and the login decision is made accordingly
<?php
require_once 'init.php';

// If already logged in, log out
if (Userlogin::isLogin() && $_COOKIE["user_id"] == 1) {
    Userlogin::delUserInfo();
} else if (Userlogin::isLogin()) {
    Utils::redirect('welcome');
}

$username = null;
$password = null;
$msg = "";

if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = addslashes(trim(stripslashes($_POST['username'])));
    $password = addslashes(trim(stripslashes($_POST['password'])));
    // Validate
    $errors = Loginvalidator::validate($username, $password);
    if (empty($errors)) {
        // Save the last login IP and time
        $dao = new Userdao();
        $user = $dao->findByName($username);
        $last_login_ip = Utils::getIpAddress();
        $user->setLastLoginIp($last_login_ip);
        $now = new DateTime();
        $user->setLastLoginTime($now);
        $dao->save($user);
        Userlogin::setUserInfo($user);
        Flash::addFlash('Login successful!');
        Utils::redirect('welcome');
    }
    // Collect the validation messages for display
    foreach ($errors as $e) {
        $msg .= $e->getMessage() . "<br>";
    }
}
The code above shows a PHP class that manages user login state using sessions and cookies.
Here is some background on the difference between cookies and sessions.
1. A cookie is a text string sent to the client's browser and stored on the client's hard disk. It can be used to persist data between sessions of a web site.
2. A session is the period from when a visitor arrives at a particular page until they leave. A session actually relies on a cookie: when the user makes the first request, the server creates a cookie in the user's browser, and when the session ends, that cookie expires.
Note: The name of the cookie created for this user is ASPSessionID. The sole purpose of this cookie is to give each user a distinct identity.
3. What cookies and sessions have in common: both are session mechanisms used to track the identity of the browser's user.
4. The difference between cookies and sessions: cookie data is stored on the client, and session data is stored on the server.
Simply put, when you log in to a website:
· If the web server uses sessions, all the data is stored on the server. On every request the client sends the session ID of the current conversation, and the server uses that session ID to find the corresponding user data and decide whether the user is logged in or holds a given permission. Because the data is stored on the server, you cannot forge it; but if you obtain the session ID of a logged-in user, you can successfully forge that user's requests with a special browser. The session ID is assigned randomly when the client connects to the server and generally does not repeat, but under a large number of concurrent requests duplication is not impossible.
· If cookies are used, all the data is stored in the browser. For example, after you log in, the server sets a username cookie; when you send the next request, the browser sends the user name to the server with it. These variables carry a special marker, so the server interprets them as cookie variables. As long as the browser is not closed, the cookie variable stays valid, so the user can remain logged in for a long time. If you can intercept a user's cookie variable and then forge a packet and send it, the server still considers you legitimate. Using cookies is therefore more likely to be attacked. If an expiry time is set, the cookie is saved on the client's hard disk, and the next time you visit the site the browser first checks whether it has a cookie and, if so, reads it and sends it to the server. If you save a forum cookie that is valid for one year on a machine, and someone breaks into that machine, copies your cookie and places it in his browser's directory, he logs in to the site with your identity. So cookies can be forged. Of course, forging takes some thought: if you simply copy the cookie file into the cookie directory, the browser does not recognize it. The browser has an Index.dat file that stores each cookie file's creation time and whether it has been changed, so you must have the site's cookie file and also deceive the browser about the time.
5. Both can be used to hold private data, and both have a validity period. The difference is that a session is kept on the server, so whether it has expired depends on the server's settings, while a cookie is kept on the client, and its expiry can be set when the cookie is created.
(1) Cookie data is stored in the client's browser, and session data is kept on the server.
(2) Cookies are not very safe: other people can analyze the cookies stored locally and use them for cookie spoofing. If security is the main concern, use sessions.
(3) A session is kept on the server for a certain period of time. As the number of visits grows, sessions take up more of the server's performance; if reducing the load on the server is the main concern, use cookies.
(4) A single cookie on the client is limited to 3K; that is, the cookies a site stores on the client cannot exceed 3K.
(5) So: store login information and other important information in the session; other information, if it needs to be kept, can be placed in a cookie.
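The recommendation in (2) and (5), applied to the login class from section 1, as an added example that is not the original author's code: identity is read only from server-side session data, so a copied or edited user_id cookie has no effect, and the session ID is replaced at login. The class name SessionLogin, the 1800-second idle limit, an HTTPS-only site and PHP 7.3 or later are assumptions.

```php
<?php
// Added example: SessionLogin is a hypothetical name, not part of the original code.
final class SessionLogin
{
    private const IDLE_LIMIT = 1800; // assumed idle timeout, in seconds

    public static function start(): void
    {
        // The session ID cookie is the only credential sent to the browser.
        session_set_cookie_params([
            'lifetime' => 0,       // dropped when the browser closes
            'path'     => '/',
            'secure'   => true,    // sent over HTTPS only
            'httponly' => true,    // not readable from page scripts
            'samesite' => 'Lax',
        ]);
        ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
        ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
        session_start();
    }

    public static function setUserInfo(int $userId): void
    {
        session_regenerate_id(true);      // new ID at login, old session data deleted
        $_SESSION['user_id'] = $userId;   // identity lives on the server only
        $_SESSION['last_seen'] = time();
    }

    public static function getUserId(): ?int
    {
        // No cookie other than the session ID is consulted here.
        if (!isset($_SESSION['user_id'], $_SESSION['last_seen'])) {
            return null;
        }
        if (time() - $_SESSION['last_seen'] > self::IDLE_LIMIT) {
            self::delUserInfo();          // idle too long: treat as logged out
            return null;
        }
        $_SESSION['last_seen'] = time();
        return $_SESSION['user_id'];
    }

    public static function delUserInfo(): void
    {
        $_SESSION = [];
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        session_destroy();
    }
}
```

Values such as selected_prj_id can still travel in ordinary cookies, but the server should treat them as untrusted input and check them against what the session's user is allowed to access.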