问题
I'm getting mad with the fact that a client could change cookie values, because I realized that everything on my website was pretty unsecure.
Before I just setted a cookie with an expire time, and I was sure that a given user would have kept a particular property (such as "logged in" or "he has this privilege") for that exact amount of time (unless he cleared the cache).
Now that I have to switch everything to sessions, which doesn't have an expire time.
So, while for the login I implemented the access token which is compared with the hash inside the database, I don't know what to do with everything else (I can't implement an access token system for every single session variable).
How can I set an expire time to one single variable session? (so not something like this).
I tried to set another variable containing the expire time, but since it is a session too it could expire at any moment breaking down everything.
来源:https://stackoverflow.com/questions/61252130/set-expire-time-for-session-variables