From 1be66364205e4cb66a547920d577fb97fc6061a3 Mon Sep 17 00:00:00 2001 From: Funson Lee Date: Tue, 11 Nov 2014 09:18:14 +0800 Subject: [PATCH] new translation chinese --- docs/guide-zh-CN/runtime-sessions-cookies.md | 95 +------------------- 1 file changed, 1 insertion(+), 94 deletions(-) diff --git a/docs/guide-zh-CN/runtime-sessions-cookies.md b/docs/guide-zh-CN/runtime-sessions-cookies.md index 86e79159a6..28c74dcf35 100644 --- a/docs/guide-zh-CN/runtime-sessions-cookies.md +++ b/docs/guide-zh-CN/runtime-sessions-cookies.md @@ -1,10 +1,6 @@ -Sessions and Cookies Sessions 和 Cookies ==================== -[译注:Session中文翻译为会话,Cookie有些翻译成小甜饼,不贴切,两个单词保留英文]Sessions and cookies allow data to be persisted across multiple user requests. In plain PHP, you may access them -through the global variables `$_SESSION` and `$_COOKIE`, respectively. Yii encapsulates sessions and cookies as objects -and thus allows you to access them in an object-oriented fashion with additional nice enhancements. [译注:Session中文翻译为会话,Cookie有些翻译成小甜饼,不贴切,两个单词保留英文] Sessions 和 cookies 允许数据在多次请求中保持, 在纯PHP中,可以分别使用全局变量`$_SESSION` 和`$_COOKIE` 来访问,Yii将session和cookie封装成对象并增加一些功能, 可通过面向对象方式访问它们。 @@ -12,17 +8,12 @@ and thus allows you to access them in an object-oriented fashion with additional ## Sessions -Like [requests](runtime-requests.md) and [responses](runtime-responses.md), you can get access to sessions via -the `session` [application component](structure-application-components.md) which is an instance of [[yii\web\Session]], -by default. 和 [请求](runtime-requests.md) 和 [响应](runtime-responses.md)类似, 默认可通过为[[yii\web\Session]] 实例的`session` [应用组件](structure-application-components.md) 来访问sessions。 -### Opening and Closing Sessions ### 开启和关闭 Sessions -To open and close a session, you can do the following: 可使用以下代码来开启和关闭session。 ```php @@ -41,13 +32,10 @@ $session->close(); $session->destroy(); ``` -You can call the [[yii\web\Session::open()|open()]] and [[yii\web\Session::close()|close()]] multiple times -without causing errors. This is because internally the methods will first check if the session is already opened. 多次调用[[yii\web\Session::open()|open()]] 和[[yii\web\Session::close()|close()]] 方法并不会产生错误, 因为方法内部会先检查session是否已经开启。 -### Accessing Session Data ### 访问Session数据 To access the data stored in session, you can do the following: @@ -56,55 +44,43 @@ To access the data stored in session, you can do the following: ```php $session = Yii::$app->session; -// get a session variable. The following usages are equivalent: // 获取session中的变量值,以下用法是相同的: $language = $session->get('language'); $language = $session['language']; $language = isset($_SESSION['language']) ? $_SESSION['language'] : null; -// set a session variable. The following usages are equivalent: // 设置一个session变量,以下用法是相同的: $session->set('language', 'en-US'); $session['language'] = 'en-US'; $_SESSION['language'] = 'en-US'; -// remove a session variable. The following usages are equivalent: // 删除一个session变量,以下用法是相同的: $session->remove('language'); unset($session['language']); unset($_SESSION['language']); -// check if a session variable exists. The following usages are equivalent: // 检查session变量是否已存在,以下用法是相同的: if ($session->has('language')) ... if (isset($session['language'])) ... if (isset($_SESSION['language'])) ... -// traverse all session variables. The following usages are equivalent: // 遍历所有session变量,以下用法是相同的: foreach ($session as $name => $value) ... foreach ($_SESSION as $name => $value) ... ``` -> Info: When you access session data through the `session` component, a session will be automatically opened -if it has not been done so before. This is different from accessing session data through `$_SESSION`, which requires -an explicit call of `session_start()`. > 补充: 当使用`session`组件访问session数据时候,如果session没有开启会自动开启, 这和通过`$_SESSION`不同,`$_SESSION`要求先执行`session_start()`。 -When working with session data that are arrays, the `session` component has a limitation which prevents you from -directly modifying an array element. For example, 当session数据为数组时,`session`组件会限制你直接修改数据中的单元项,例如: ```php $session = Yii::$app->session; -// the following code will NOT work // 如下代码不会生效 $session['captcha']['number'] = 5; $session['captcha']['lifetime'] = 3600; -// the following code works: // 如下代码会生效: $session['captcha'] = [ 'number' => 5, @@ -115,73 +91,50 @@ $session['captcha'] = [ echo $session['captcha']['lifetime']; ``` -You can use one of the following workarounds to solve this problem: 可使用以下任意一个变通方法来解决这个问题: ```php $session = Yii::$app->session; -// directly use $_SESSION (make sure Yii::$app->session->open() has been called) // 直接使用$_SESSION (确保Yii::$app->session->open() 已经调用) $_SESSION['captcha']['number'] = 5; $_SESSION['captcha']['lifetime'] = 3600; -// get the whole array out first, modify it and then save it back // 先获取session数据到一个数组,修改数组的值,然后保存数组到session中 $captcha = $session['captcha']; $captcha['number'] = 5; $captcha['lifetime'] = 3600; $session['captcha'] = $captcha; -// use ArrayObject instead of array // 使用ArrayObject 数组对象代替数组 $session['captcha'] = new \ArrayObject; ... $session['captcha']['number'] = 5; $session['captcha']['lifetime'] = 3600; -// store array data by keys with common prefix // 使用带通用前缀的键来存储数组 $session['captcha.number'] = 5; $session['captcha.lifetime'] = 3600; ``` -For better performance and code readability, we recommend the last workaround. That is, instead of storing -an array as a single session variable, you store each array element as a session variable which shares the same -key prefix with other array elements. 为更好的性能和可读性,推荐最后一种方案,也就是不用存储session变量为数组, 而是将每个数组项变成有相同键前缀的session变量。 -### Custom Session Storage ### 自定义Session存储 -The default [[yii\web\Session]] class stores session data as files on the server. Yii also provides the following -session classes implementing different session storage: [[yii\web\Session]] 类默认存储session数据为文件到服务器上,Yii提供以下session类实现不同的session存储方式: -* [[yii\web\DbSession]]: stores session data in a database table. -* [[yii\web\CacheSession]]: stores session data in a cache with the help of a configured [cache component](caching-data.md#cache-components). -* [[yii\redis\Session]]: stores session data using [redis](http://redis.io/) as the storage medium. -* [[yii\mongodb\Session]]: stores session data in a [MongoDB](http://www.mongodb.org/). * [[yii\web\DbSession]]: 存储session数据在数据表中 * [[yii\web\CacheSession]]: 存储session数据到缓存中,缓存和配置中的[缓存组件](caching-data.md#cache-components)相关 * [[yii\redis\Session]]: 存储session数据到以[redis](http://redis.io/) 作为存储媒介中 * [[yii\mongodb\Session]]: 存储session数据到[MongoDB](http://www.mongodb.org/). -All these session classes support the same set of API methods. As a result, you can switch to use a different -session storage without the need to modify your application code that uses session. 所有这些session类支持相同的API方法集,因此,切换到不同的session存储介质不需要修改项目使用session的代码。 -> Note: If you want to access session data via `$_SESSION` while using custom session storage, you must make - sure that the session is already started by [[yii\web\Session::open()]]. This is because custom session storage - handlers are registered within this method. > 注意: 如果通过`$_SESSION`访问使用自定义存储介质的session,需要确保session已经用[[yii\web\Session::open()]] 开启, 这是因为在该方法中注册自定义session存储处理器。 -To learn how to configure and use these component classes, please refer to their API documentation. Below is -an example showing how to configure [[yii\web\DbSession]] in the application configuration to use database table -as session storage: 学习如何配置和使用这些组件类请参考它们的API文档,如下为一个示例 显示如何在应用配置中配置[[yii\web\DbSession]]将数据表作为session存储介质。 @@ -197,7 +150,6 @@ return [ ]; ``` -You also need to create the following database table to store session data: 也需要创建如下数据库表来存储session数据: ```sql @@ -219,16 +171,11 @@ CREATE TABLE session 例如,如果 `session.hash_function=sha256` ,应使用长度为64而不是40的char类型。 -### Flash Data +### Flash 数据 -Flash data is a special kind of session data which, once set in one request, will only be available during -the next request and will be automatically deleted afterwards. Flash data is most commonly used to implement -messages that should only be displayed to end users once, such as a confirmation message displayed after -a user successfully submits a form. Flash数据是一种特别的session数据,它一旦在某个请求中设置后,只会在下次请求中有效,然后该数据就会自动被删除。 常用于实现只需显示给终端用户一次的信息,如用户提交一个表单后显示确认信息。 -You can set and access flash data through the `session` application component. For example, 可通过`session`应用组件设置或访问`session`,例如: ```php @@ -247,12 +194,8 @@ echo $session->getFlash('postDeleted'); $result = $session->hasFlash('postDeleted'); ``` -Like regular session data, you can store arbitrary data as flash data. 和普通session数据类似,可将任意数据存储为flash数据。 -When you call [[yii\web\Session::setFlash()]], it will overwrite any existing flash data that has the same name. -To append new flash data to the existing one(s) of the same name, you may call [[yii\web\Session::addFlash()]] instead. -For example: 当调用[[yii\web\Session::setFlash()]]时, 会自动覆盖相同名的已存在的任何数据, 为将数据追加到已存在的相同名flash中,可改为调用[[yii\web\Session::addFlash()]]。 例如: @@ -271,11 +214,6 @@ $session->addFlash('alerts', 'You are promoted.'); $alerts = $session->getFlash('alerts'); ``` -> Note: Try not to use [[yii\web\Session::setFlash()]] together with [[yii\web\Session::addFlash()]] for flash data - of the same name. This is because the latter method will automatically turn the flash data into an array so that it - can append new flash data of the same name. As a result, when you call [[yii\web\Session::getFlash()]], you may - find sometimes you are getting an array while sometimes you are getting a string, depending on the order of - the invocation of these two methods. > 注意: 不要在相同名称的flash数据中使用[[yii\web\Session::setFlash()]] 的同时也使用[[yii\web\Session::addFlash()]], 因为后一个防范会自动将flash信息转换为数组以使新的flash数据可追加进来,因此, 当你调用[[yii\web\Session::getFlash()]]时,会发现有时获取到一个数组,有时获取到一个字符串, @@ -284,19 +222,13 @@ $alerts = $session->getFlash('alerts'); ## Cookies -Yii represents each cookie as an object of [[yii\web\Cookie]]. Both [[yii\web\Request]] and [[yii\web\Response]] -maintain a collection of cookies via the property named `cookies`. The cookie collection in the former represents -the cookies submitted in a request, while the cookie collection in the latter represents the cookies that are to -be sent to the user. Yii使用 [[yii\web\Cookie]]对象来代表每个cookie,[[yii\web\Request]] 和 [[yii\web\Response]] 通过名为'cookies'的属性维护一个cookie集合,前者的cookie 集合代表请求提交的cookies, 后者的cookie集合表示发送给用户的cookies。 -### Reading Cookies ### 读取 Cookies -You can get the cookies in the current request using the following code: 当前请求的cookie信息可通过如下代码获取: ```php @@ -322,7 +254,6 @@ if (isset($cookies['language'])) ... ``` -### Sending Cookies ### 发送 Cookies You can send cookies to end users using the following code: @@ -332,7 +263,6 @@ You can send cookies to end users using the following code: // 从"response"组件中获取cookie 集合(yii\web\CookieCollection) $cookies = Yii::$app->response->cookies; -// add a new cookie to the response to be sent // 在要发送的响应中添加一个新的cookie $cookies->add(new \yii\web\Cookie([ 'name' => 'language', @@ -345,49 +275,28 @@ $cookies->remove('language'); unset($cookies['language']); ``` -Besides the [[yii\web\Cookie::name|name]], [[yii\web\Cookie::value|value]] properties shown in the above -examples, the [[yii\web\Cookie]] class also defines other properties to fully represent all possible information -of cookies, such as [[yii\web\Cookie::domain|domain]], [[yii\web\Cookie::expire|expire]]. You may configure these -properties as needed to prepare a cookie and then add it to the responses cookie collection. 除了上述例子定义的 [[yii\web\Cookie::name|name]] 和 [[yii\web\Cookie::value|value]] 属性 [[yii\web\Cookie]] 类也定义了其他属性来实现cookie的各种信息,如 [[yii\web\Cookie::domain|domain]], [[yii\web\Cookie::expire|expire]] 可配置这些属性到cookie中并添加到响应的cookie集合中。 -> Note: For better security, the default value of [[yii\web\Cookie::httpOnly]] is set true. This helps mitigate -the risk of client side script accessing the protected cookie (if the browser supports it). You may read -the [httpOnly wiki article](https://www.owasp.org/index.php/HttpOnly) for more details. > 注意: 为安全起见[[yii\web\Cookie::httpOnly]] 被设置为true,这可减少客户端脚本访问受保护cookie(如果浏览器支持)的风险, 更多详情可阅读 [httpOnly wiki article](https://www.owasp.org/index.php/HttpOnly) for more details. -### Cookie Validation ### Cookie验证 -When you are reading and sending cookies through the `request` and `response` components like shown in the last -two subsections, you enjoy the added security of cookie validation which protects cookies from being modified -on the client side. This is achieved by signing each cookie with a hash string, which allows the application to -tell if a cookie is modified on the client side or not. If so, the cookie will NOT be accessible through the -[[yii\web\Request::cookies|cookie collection]] of the `request` component. 在上两节中,当通过`request` 和 `response` 组件读取和发送cookie时,你会喜欢扩展的cookie验证的保障安全功能,它能 使cookie不被客户端修改。该功能通过给每个cookie签发一个哈希字符串来告知服务端cookie是否在客户端被修改, 如果被修改,通过`request`组件的[[yii\web\Request::cookies|cookie collection]]cookie集合访问不到该cookie。 -> Note: Cookie validation only protects cookie values from being modified. If a cookie fails the validation, -you may still access it through `$_COOKIE`. This is because third-party libraries may manipulate cookies -in their own way, which does not involve cookie validation. > 注意: Cookie验证只保护cookie值被修改,如果一个cookie验证失败,仍然可以通过`$_COOKIE`来访问该cookie, 因为这是第三方库对未通过cookie验证自定义的操作方式。 -Cookie validation is enabled by default. You can disable it by setting the [[yii\web\Request::enableCookieValidation]] -property to be false, although we strongly recommend you do not do so. Cookie验证默认启用,可以设置[[yii\web\Request::enableCookieValidation]]属性为false来禁用它,尽管如此,我们强烈建议启用它。 -> Note: Cookies that are directly read/sent via `$_COOKIE` and `setcookie()` will NOT be validated. > 注意: 直接通过`$_COOKIE` 和 `setcookie()` 读取和发送的Cookie不会被验证。 -When using cookie validation, you must specify a [[yii\web\Request::cookieValidationKey]] that will be used to generate -the aforementioned hash strings. You can do so by configuring the `request` component in the application configuration: 当使用cookie验证,必须指定[[yii\web\Request::cookieValidationKey]],它是用来生成s上述的哈希值, 可通过在应用配置中配置`request` 组件。 @@ -401,7 +310,5 @@ return [ ]; ``` -> Info: [[yii\web\Request::cookieValidationKey|cookieValidationKey]] is critical to your application's security. - It should only be known to people you trust. Do not store it in version control system. > 补充: [[yii\web\Request::cookieValidationKey|cookieValidationKey]] 对你的应用安全很重要, 应只被你信任的人知晓,请不要将它放入版本控制中。