In the B/S (browser/server) model, requests are stateless and have no memory: there is no connection between one request and the next, and nothing from a request is kept. That is why session technology is needed to link the pages of a Web site together. Session technology comes in two forms: cookies and sessions.
Cookies
Cookies store some data in the user's browser. The browser sends the data back when it is needed, so the data can be shared across pages.
Cookies are less secure because the data exists on the browser side and can be modified by the user.
Set: setcookie('name', value, validity, valid path, valid domain, whether only secure transmission)
Change: call setcookie() again with the same name and a different value.
Delete: set the value to '' (empty).
Read: query the $_COOKIE superglobal array variable:
$_COOKIE['name']
About the validity period: by default a cookie is valid until the end of the session. The validity is defined as a timestamp, so it is written as the current time plus a duration in seconds. Setting the validity period to time()-1 is the standard way to remove a cookie. You can also use PHP_INT_MAX to make the cookie effectively permanent (2038).
About valid paths: specifies the script scope in which the cookie is valid. It is valid for the specified directory and its subdirectories, and not valid for the parent directory. The usual business requirement is to set it to '/' so the cookie is valid for the whole site.
About valid domains: a cookie is stored per domain name, and by default it is valid only for the current site's domain.
Therefore, for subdomains to share cookies, you need to set the valid domain to the first-level domain name.
About secure transport: either true or false. When true, the cookie is transmitted only over SSL-encrypted connections. The default value is false.
About HttpOnly: a cookie is just data, so it can also be processed by other scripts (for example, JavaScript in the browser). Setting HttpOnly hides the cookie from those scripts, so it can only be processed on the server by PHP. Either true or false; the default value is false.
The value of a cookie only supports string types. Numbers cannot be set, and other types are converted to character types.
Session
Similar to cookies, but the data is stored on the server side and is more secure.
When the user accesses the server, the server opens a session data area to store the data, assigns it an ID and returns that ID to the browser. On the next visit, the server finds the right data by the ID the browser sends.
The business requirement is to start the session in one separate script file rather than in every script.
The function that starts the session is: session_start()
Session data is manipulated through $_SESSION, a predefined superglobal array variable.
The cookie properties must be set before session_start() is called, using:
session_set_cookie_params()
The business requirement is to set: session_set_cookie_params(validity in seconds, '/', 'first-level domain name')
Session data can be of any type (it is serialized before being stored).
$_SESSION subscripts support only strings; numeric indexes are not supported.
Remove one: unset($_SESSION['subscript'])
Empty: $_SESSION = array()
Destroy: session_destroy()
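The session steps above, from setting the cookie properties before session_start() through to destruction, as one added example (not code from the original page). It assumes the site is served over HTTPS; 'example.com' and the helper names start_site_session() and end_site_session() are placeholders.

```php
<?php
// Added example, not code from the original page.
// Assumptions: HTTPS site; 'example.com' is a placeholder first-level domain;
// start_site_session() and end_site_session() are hypothetical helper names.

function start_site_session(): void
{
    if (session_status() !== PHP_SESSION_NONE) {
        return; // already started in this request
    }
    // Properties must be set before session_start():
    // validity in seconds, path, domain, secure, HttpOnly.
    session_set_cookie_params(3600, '/', 'example.com', true, true);
    session_start();
}

function end_site_session(): void
{
    start_site_session();
    $_SESSION = array();                     // empty the data in memory
    $p = session_get_cookie_params();
    // Expire the browser's session-ID cookie with the same path, domain and
    // flags; otherwise the browser keeps sending the old ID.
    setcookie(session_name(), '', time() - 1,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();                       // delete the server-side data
}

start_site_session();
$_SESSION['user'] = array('id' => 42, 'roles' => array('editor')); // any type
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;
unset($_SESSION['visits']);                  // remove one entry
end_site_session();
```

session_destroy() alone removes only the server-side data; the array reset and the expired cookie cover the other two places the session still exists.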
| | Cookies | Session |
|---|---|---|
| Storage location | Browser | Server |
| The amount of data that the browser carries | Many | Less (carries only the session ID) |
| Security | Lower | Higher |
| Types of data stored | String only | Any type |
| The amount of data transferred | Limited, 4k | Unlimited |
| The default valid path | Current directory and its subdirectories | The whole site |
12-4-Session Technology