Please help me on my final year project; online question and answer site. With this site, any user can search for a question and see the answer. To ask a question, the user must first login. my problem is this: how can I check whether or not a user has logged. Can it be done using session 开发者_Go百科control? Please help.
Usually, when the user is logged in, the site sends a cookie, which the browser stores. In each subsequent request the browser sends that cookie so that the site can verify whether th user is logged.
Normally, there are two cookies:
the session cookie (called JSESSIONID), which is set whenever the server starts a session. Note that even non-logged users (can) have a server-side session.
the logged user cookie, which stores some identifier about the logged user. For security reasons you should not store the user id, or worse - his username and password. Store some token that is invalidated on each login. (In fact, you can store 2 cookies, but this strategy is beyond the scope of this answer).
精彩评论