Is a session required?
pslxx opened this issue · 5 comments
pslxx commented
Is a session required?
overtrue commented
https://auth0.com/docs/protocols/oauth2/oauth-state
Auth0 Docs: Explains how to use the state parameter in authentication requests to help prevent CSRF attacks and restore state
overtrue commented
For now, the most suitable way to handle the state parameter is to store it in the session.
askme-gpt commented
@pslxx You can use Redis; just inherit SessionHandlerInterface.
```php
<?php

namespace App\Common\Cache;

use EasySwoole\RedisPool\Redis;

class RedisSessionHandler implements \SessionHandlerInterface
{
    private $handle;
    private $lifetime;
    private $prefix;

    public function __construct()
    {
        $this->prefix = config('SESSION_PREFIX') ?? 'redis_session';
    }

    /**
     * open session
     * @param string $save_path
     * @param string $session_name
     * @return bool
     */
    public function open($save_path = null, $session_name = null)
    {
        $this->handle = Redis::defer('redis');
        // Set the expiry time (ini_get() returns a string, so cast to int)
        $this->lifetime = (int) (config('SESSION_LIFETIME') ?? ini_get('session.gc_maxlifetime'));
        return true;
    }

    /**
     * close session
     * @return bool
     */
    public function close()
    {
        return true;
    }

    /**
     * read session by session_id
     * @param string $session_id
     * @return string
     */
    public function read($session_id)
    {
        $session_id = $this->prefix . $session_id;
        $data = $this->handle->get($session_id);
        // Sliding expiry: every read extends the key's lifetime
        $this->handle->expire($session_id, $this->lifetime);
        // SessionHandlerInterface::read() must return a string; a missing key is ''
        return is_string($data) ? $data : '';
    }

    /**
     * write session by session_id
     * @param string $session_id
     * @param string $session_data
     * @return bool
     */
    public function write($session_id, $session_data)
    {
        $session_id = $this->prefix . $session_id;
        $this->handle->set($session_id, $session_data);
        // write() must return a bool
        return (bool) $this->handle->expire($session_id, $this->lifetime);
    }

    /**
     * delete session_id
     * @param string $session_id
     * @return bool
     */
    public function destroy($session_id)
    {
        $this->handle->del($this->prefix . $session_id);
        // Deleting a key that is already gone still counts as success
        return true;
    }

    /**
     * this function is no use because of redis expire
     * @param int $maxlifetime
     * @return bool
     */
    public function gc($maxlifetime)
    {
        return true;
    }
}
```
pslxx commented
> @pslxx You can use Redis; just inherit SessionHandlerInterface.
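Thanks. I originally asked this because it is mainly for apps and for projects with a separated front end and back end, where authentication throughout the project is stateless; even with Redis there is still no state to identify by. Right now everything uses stateless.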
overtrue commented
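The new 3.0 version no longer depends on $request or session; it is left entirely to the developer to decide. Please refer to the documentation for usage details.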
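The `state` check discussed in this thread, written out for the case where the developer handles it themselves. This is an added example, not code from the thread or from the library. `StateGuard` and the `oauth_state` key are hypothetical names, and the array stands in for `$_SESSION` (which may be backed by a Redis handler like the one posted above).

```php
<?php
declare(strict_types=1);

// Added example. StateGuard is a hypothetical helper, not part of any library.
final class StateGuard
{
    private array $store;   // per-browser storage, e.g. $_SESSION
    private int $ttl;       // seconds a pending state stays valid

    public function __construct(array &$store, int $ttl = 600)
    {
        $this->store = &$store;
        $this->ttl = $ttl;
    }

    // Call before redirecting to the provider; send the result as ?state=...
    public function issue(): string
    {
        $state = bin2hex(random_bytes(16));   // 128 bits from the CSPRNG
        $this->store['oauth_state'] = ['value' => $state, 'expires' => time() + $this->ttl];
        return $state;
    }

    // Call in the callback with the returned state parameter.
    public function consume(?string $returned): bool
    {
        $saved = $this->store['oauth_state'] ?? null;
        unset($this->store['oauth_state']);   // single use, even when the check fails
        if (!is_array($saved) || !is_string($returned) || $returned === '') {
            return false;                     // nothing pending, or no state came back
        }
        if ($saved['expires'] < time()) {
            return false;                     // authorization request took too long
        }
        return hash_equals($saved['value'], $returned);   // constant-time comparison
    }
}

// Constructed walk-through; $session stands in for $_SESSION.
$session = [];
$guard = new StateGuard($session);

$state = $guard->issue();
var_dump($guard->consume($state));   // callback from the browser that started the flow
var_dump($guard->consume($state));   // same value presented a second time

$guard->issue();
var_dump($guard->consume('value-from-another-browser'));   // callback the user never initiated
```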