在网上找了很多,终于搞明白了,也行不是最好的办法,但确实非常使用的方法。
其中最重要的就是 设置session id 至 本地 cookies 当中, 采用如下方法:
$currentSessionID = session_id();
和
session_id($currentSessionID );
简单实例:
Script 1(HTTP):
<?php// This script will create a session and display a link to your secure server address// to transfer your session ID. In this example, the secure page to receive the session// ID is located at /safePages/securePage.php// Start a session using the current session ID stored in a cookie, or create// a new session if none is set.session_start();$currentSessionID = session_id();// Set a variable that will be retrieved with the HTTPS script.$_SESSION['testvariable'] = 'It worked';// $secureServerDomain is the domain of your secure server$secureServerDomain = '';// $securePagePath is the path to the page that will receive and set the session ID.$securePagePath = '/safePages/securePage.php'echo '<a href="https://' . $secureServerDomain . $securePagePath . '?session="' . $currentSessionID . '">Click here to transfer your session to the secure server</a>';?>
Script 2(HTTPS):
<?php// Retrieve the session ID as passed via the GET method.$currentSessionID = $_GET['session'];// Set a cookie for the session ID.session_id($currentSessionID);// Start a session.session_start();// Test retrieval of variable set when using HTTP.if (!empty($_SESSION['testvariable'])) {echo $_SESSION['testvariable'];} else {echo 'It did not work.';}?>
但是要注意的是:
/page.php 跳转到 /page.php
或者
跳转到 /page.php.
关于安全性:
应该讲和传统的登录验证安全性一样。都是不太安全的。因为sid的传输是没有加密的,别人也可以通过监听,嗅探来获取这个session id,也就获取了你的session数据。因此后面可以考虑将session id信息加密之后进行传输。
另一种就是采用数据库的方式:
见附件。
require_once "session.class.php";$oSession = new Session();print_r($_SESSION); // First$_SESSION['hi'] = "lisha"; // Comment this Once sessoin is set$_SESSION['test'] = "gideon"; // Comment this Once sessoin is setecho '===========';//Now use php sessions as usualprint_r($_SESSION); // First
说明一下的是,需要用到 session_set_save_handler 函数,它要配合 ini_set('session.save_handler', 'user'); 一起使用!
