About PHP and CodeIgniter using Session-cookie method parsing

Here is a PHP and CodeIgniter to use the Session-cookie method (detailed). Content is very good, now share to everyone, but also for everyone to make a reference.

1. Read and write cookies

<1> native

Setcookie (' name ', ' value ', time)

Setup failed with no normal write to browser, test failed for unknown reason

<2>ci Frame

$this->input->set_cookie ("views", "test10", +), echo $_cookie["views"];//This method gets the value, if the value does not exist will be an error, of course, you can first use Isset ($_ cookie["views"])

<3> through Helper

$this->load->helper (' cookie ');//This line is also available in view, casual set_cookie (' views ', ' test10 ', '); Echo Get_cookie )///This method gets the value if not obtained, will return null, no error

2. Read and write session

<1> Native Session

Start:

<?phpsession_start ();? >

Assignment value:

$_session[' views '] = "test20";

Value:

echo "Session:". $_session[' views ';

Survival time:

Session. When the browser is closed, the phpsession in the cookie will be emptied and the next open will regenerate a

Although the server also holds the session. Session expiration time is set in php.ini, see another article php (CodeIgniter) Security Considerations

<2>ci Frame Session

Start:

$this->load->library (' Session ');//load must be completed at the controller, the load must be assigned when the session is to be used: $this->session->views = " Test11 ";

Value:

echo "Session:". $_session[' views ';

Survival time:

The client has a duration of 2 hours, when the session of the server is deleted, because the session ID of the client is still valid, so when it is opened again, the service side will create a session with the same client session ID, Of course it is not important to create a new ID or an old ID, because the ID is the same name, there is no data

<3> Difference

> Two session names are different, one is called phpsession, and the other is called Ci_session

> can only start one, cannot both start

> values are the same

> China do not mix, should completely abandon the original way

> Native phpsession is casually accessible, ci_session is httponly, which means that the native session may be hacked through the XXS, using JS to get the cookie

<4> Exceptional Cases

There is a situation like this:

When there is already ci_session, because this ci_ is persistent

Session_Start ();//session//$this->load->library (' session ') not started,//session$_session[' views ' without starting CI] = " Test23 ";//directly in the original way to assign echo" Session: ". $_session[' views '];//can be properly evaluated "test23"

By looking at the cookie, found that there is no native session exists, can only go to the CI session, then in the server session to find this file, found that the value is not written in if there is a declaration session_start (), he will go native mode, Will recreate a phpsession, and the value will be written in

If nothing is declared, there is no assignment, direct value, then will be error, because to use ci_session must load, we do not load will be error, it is proved that in the original way to assign value, he is equivalent to start the session, enabled the Ci_ Session, but he doesn't have permission to write, which can be said to be a bug

How <5>session Works

Cookie operation is easier to understand, is to write to the user cookie, write what read out is what. As long as the site is a cookie, you can read it by key values.

The value of the session is present on the server, but how do you know which user this value is? By storing the file name of the session in the user's cookie, the saved value is placed in a file with the same name as the server. Stealing the cookie means stealing this, and the important information is on the server, but the theft is done. Therefore, it is not believed that the session-key in the cookie should be authenticated.

Note that writing Session-key to the user's cookie while writing the session is done automatically, and the duration should be configured in the server's php.ini.

The above is the whole content of this article, I hope that everyone's learning has helped, more relevant content please pay attention to topic.alibabacloud.com!