Sessions are usually stored in the/tmp directory, and the permission of the folder is everbody readable, which is terrible! In the school forum, someone used session to steal accounts! Later, I tried to put the session into the database. The table structure and process were as follows:
// Create a table
// Create sesslib. SQL
Create table sesslib (
Data text,
Time datetime,
Id int (11) DEFAULT '0' not null auto_increment,
Sid varchar (32) not null,
Primary key (id ),
UNIQUE sid (sid)
);
// End
// XX. php customizes the session database path. When a page needs to use // session, you can include this part by using the following methods:
<?
Include "XX. php"; // XX. php
Session_start ();
// The session can be used normally below
?>
/*************************************** ***************/
XX. php content:
/*************************************** **************/
<?
$ Sess_dbh = "";
$ Sess_maxlifetime = get_cfg_var ("session. gc_maxlifetime ");
Function sess_open ($ save_path, $ session_name ){
Global $ hostname, $ dbusername, $ dbpassword, $ dbname, $ sess_dbh;
// $ Sess_dbh = mysql_pconnect ($ hostname, $ dbusername, $ dbpassword) or die ("cannot connect to the database! ");
$ Sess_dbh = mysql_pconnect ('localhost', 'test', 'test') or die ("cannot connect to the database! ");
// Mysql_select_db ("$ dbname") or die ("You cannot select a database! ");
Mysql_select_db ('test') or die ("You cannot select a database! ");
Return (true );
}
Function sess_close (){
// Mysql_close ();
Return (true );
}
Function sess_read ($ sid ){
Global $ sess_dbh;
$ Result = mysql_query ("select data from sesslib where sid = '$ sid'", $ sess_dbh );