开发者

how can I check whether or not a user has logged in

Please help me on my final year project; online question and answer site. With this site, any user can search for a question and see the answer. To ask a question, the user must first login. my problem is this: how can I check whether or not a user has logged. Can it be done using session 开发者_Go百科control? Please help.


Usually, when the user is logged in, the site sends a cookie, which the browser stores. In each subsequent request the browser sends that cookie so that the site can verify whether th user is logged.

Normally, there are two cookies:

  • the session cookie (called JSESSIONID), which is set whenever the server starts a session. Note that even non-logged users (can) have a server-side session.

  • the logged user cookie, which stores some identifier about the logged user. For security reasons you should not store the user id, or worse - his username and password. Store some token that is invalidated on each login. (In fact, you can store 2 cookies, but this strategy is beyond the scope of this answer).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜