我应该添加什么来处理安全和安全的登录和注销?Symfony2:安全/安全登录和注销
对于登录我从数据库中简单地获取和验证的信息,然后我设置会话和饼干:
if ($users) { //$users - fetched array of users
foreach ($users as $user) {
$response->headers->setCookie(new Cookie('user', $cookie, $expire, $path = '/', $domain = '', $secure = false, $httpOnly = false));
$response->sendHeaders();
foreach ($user as $key => $value) {
//setting every user information to session except password
$session->set($key, $value);
}
}
}
而对于注销我只是删除会话和饼干:
$response->headers->clearCookie('user');
$response->sendHeaders();
$request->getSession()->invalidate();
“用户'我设置为Cookie的值由以下项生成:
$password = $user['password']; //is already in md5
$username = $user['email'];
$cookie = base64_encode ("$username:" . md5 ($password));
所有这些都存储到主控制器。
为什么设置cookie?你真的不应该使用密码MD5,看看bcrypt或pbkdf2 – JimL 2014-10-06 17:00:48
@JimL重新创建会话,每次用户进入网站。是的,我使用密码和盐的md5。 – 2014-10-06 19:46:23