PHP session and cookie technology

Source: Internet
Author: User
Tags php session php book
Most PHP developers studying the principles and application of sessions and cookies are beginners. The following is the author's summary of session and cookie material. It is aimed at PHP beginners and is a very good learning resource. I believe there is not a PHP book that describes sessions and cookies in such detail. Of course, the author's level is limited; if anything here is understood incorrectly, please contact us.

Cookie and session learning

Cookie concept: a cookie stores data on the remote browser in order to track and identify users.
Session: in computer terminology, a session is the time interval during which an end user interacts with a system, usually the time that passes from signing in to the system until logging out of it. A session is therefore a concept of a specific time period.

Cookie working principle: the remote browser accepts the cookie and saves it as a text file. When remote browser A accesses server B again (assuming the corresponding cookie file has not been deleted), the browser examines the cookie files in its temporary directory, finds the cookie file for the corresponding domain name and directory, and sends its contents as part of a standard request to server B. Server B analyzes the request headers to find the cookie data and generates personalized web pages based on it. Through this process, users can be tracked and identified. Cookie technology stores data on the remote browser, so it has a low security level and is not suitable for storing sensitive data.

Session working principle: when remote client A requests server B, server B starts a session and generates a session ID, a string that uniquely identifies the current session, together with a text file that stores the session data (here the session data is stored in a text file; it can also be saved to a database). Server B responds to the request from remote browser A and sends a response header containing a cookie to remote client A (here we discuss passing the session ID through a cookie; the session ID can also be passed through the URL). The cookie name is the session name set by server B, its value is the session ID, and the cookie is a session cookie (held in the browser process's memory, not stored in a text file on disk). When remote client A requests server B again, it sends the cookie holding the session ID to server B. Server B obtains the session ID and uses it to look up the corresponding text file holding the session data in server B's temporary directory. If the file is found, the session data is read and communication proceeds normally; if it is not found, the corresponding error handling is performed (for example, the user is required to log in). Through this process the user can communicate with the server. Session technology relies on cookie technology. Session data is stored on the server, which is safer and more reliable.

Cookie technology implemented by PHP

1. setcookie(string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false]]]]]])

   Function: sends a cookie.
   Parameters:
     $name: the cookie name; the cookie data can then be accessed through $_COOKIE[$name].
     $value: the cookie value.
     $expire: the cookie's expiry time, a Unix timestamp, usually set to time() plus an integer value.
     $path: the cookie is valid in the $path directory.
     $domain: the valid domain of the cookie, for example xudianyang.gicp.net.
     $secure: if true or 1, the cookie is valid on HTTPS connections; if false or 0, it is valid on both HTTP and HTTPS connections.
     $httponly: added in PHP 5.2. If true or 1, the cookie is understood only by the HTTP protocol, which means a scripting language such as JavaScript cannot read it; if false or 0, there is no such restriction.
   Return value: Boolean. true on success, false on failure.
   Note: a function similar to setcookie is setrawcookie(string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false]]]]]]). The difference between this function and setcookie lies in the URL encoding of the cookie data.

2. To delete a cookie, you only need to send the same cookie again with its expiry time changed to a time in the past.

   Cookie data is accessed through the superglobal $_COOKIE array, whose keys are the cookie names. (Note: when the value of the variables_order item in the configuration file includes C, the system parses the cookies sent by the browser into the $_COOKIE variable.)
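The setcookie() parameters and the deletion rule above, as an added example that is not code from the original page. The cookie name theme, its allowed values and the helper function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the original page. The cookie name "theme",
// its allowed values and the helper names are assumptions.

// Weak form: readable by JavaScript and also sent over plain HTTP.
//   setcookie('theme', 'dark', time() + 86400);

// Hardened form: same data, HTTPS only ($secure) and hidden from scripts
// ($httponly), using the positional parameters described above.
function set_theme_cookie(string $theme, int $ttl = 86400): bool
{
    return setcookie('theme', $theme, time() + $ttl, '/', '', true, true);
}

// Deletion: resend the same cookie (same name, path, domain) with an
// expiry in the past, and drop it from the current request's array.
function delete_theme_cookie(): bool
{
    unset($_COOKIE['theme']);
    return setcookie('theme', '', time() - 3600, '/', '', true, true);
}

// The browser controls what comes back, so cookie data is untrusted input:
// accept only known values and fall back to a default otherwise.
function read_theme(array $cookies): string
{
    $allowed = ['light', 'dark'];
    $value = $cookies['theme'] ?? 'light';
    return in_array($value, $allowed, true) ? $value : 'light';
}

set_theme_cookie('dark');
delete_theme_cookie();

// Constructed sample inputs (in a real page, pass $_COOKIE).
$results = [
    read_theme(['theme' => 'dark']),
    read_theme(['theme' => '<script>alert(1)</script>']),
    read_theme([]),
];
echo implode(',', $results), "\n";
```

Because the value is stored on the browser, only non-sensitive preferences belong in such a cookie; anything that needs protection goes into server-side session data.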

 

 

PHP session technology

 

1. session_cache_expire([int $expire])

   Function: sets or returns the value of the session.cache_expire item in the php.ini configuration file. If the $expire parameter is provided, the value is set; otherwise the current value is returned.
   Parameter: $expire is the value to set for session.cache_expire, in minutes.
   Return value: integer, the value of session.cache_expire.
   Note: session.cache_expire in php.ini sets the cache time of session pages on the client. This item is affected by the session.cache_limiter item in php.ini, which sets the cache control mode of session pages on the client. Its value can be public, private, private_no_expire or nocache.

   public: the server sends the following HTTP response headers, and the page can be cached by proxy servers and clients.
     Expires: (sometime in the future, according to session.cache_expire)
     Cache-Control: public, max-age=(sometime in the future, according to session.cache_expire, in seconds)
     Last-Modified: (last modification time of the file, in GMT format)

   private: the server sends the following HTTP response headers, and the page can be cached by the client.
     Expires: Thu, 19 Nov 1981 08:52:00 GMT
     Cache-Control: private, max-age=(session.cache_expire in the future), pre-check=(session.cache_expire in the future)
     Last-Modified: (last modification time of the file, in GMT format)

   private_no_expire: the server sends the following HTTP response headers, and the page can be cached by the client. The difference between private and private_no_expire is that private_no_expire lets the client interpret the response correctly.
     Cache-Control: private, max-age=(session.cache_expire in the future), pre-check=(session.cache_expire in the future)
     Last-Modified: (last modification time of the file, in GMT format)

   nocache: the server sends the following HTTP response headers, which stop the client from caching session pages.
     Expires: Thu, 19 Nov 1981 08:52:00 GMT
     Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
     Pragma: no-cache

   The session.cache_expire value applies when session.cache_limiter is public, private or private_no_expire. Because php.ini contains the session.cache_expire configuration item, if you want to change the value of session.cache_expire while the script is running, you must call session_cache_expire() before calling session_start().

2. session_cache_limiter([string $cache_limiter])

   Function: sets or returns the cache control mode for the current session page.
   Parameter: $cache_limiter is one of public, private, private_no_expire, nocache. For details, see session_cache_expire().
   Return value: string.
   Note: effective only when session_cache_limiter() is called before session_start().

3. session_write_close(void)

   Function: writes the session data and ends the session.
   Parameters: none.
   Return value: none.
   Note: session_write_close() is effective only when a session has been started with session_start(). The alias of this function is session_commit().

4. session_encode(void)

   Function: encodes the current session data into a string.
   Parameters: none.
   Return value: string, the encoded string. If you do not call certain functions, PHP automatically writes the encoded string to the session file.
   Note: session_encode() is effective only when a session has been started with session_start().

5. session_decode(string $data)

   Function: sets the current session data from a string encoded by session_encode().
   Parameter: $data is the string returned by session_encode() for the session data.
   Return value: Boolean. true on success, false on failure.
   Note: session_decode() is effective only when a session has been started with session_start().

6. session_destroy(void)

   Function: destroys all data registered to the session.
   Parameters: none.
   Return value: Boolean. true on success, false on failure.
   Note: before calling session_destroy(), delete the session ID already sent to the client by calling setcookie(session_name(), '', time() - 42000). session_destroy() deletes the session ID and the file or record in which the server stores the session data. session_destroy() is effective only when a session has been started with session_start().

7. session_get_cookie_params(void)

   Function: returns the session cookie information.
   Parameters: none.
   Return value: array, in the following format:

     array(
         'lifetime' => 0,      // validity period; 0 means the cookie is a session cookie, whose life cycle runs from the start of the session to its end (closing the browser)
         'path'     => '/',    // valid directory
         'domain'   => '',     // valid domain
         'secure'   => false,
         'httponly' => false,
     )

8. session_id([string $id])

   Function: returns or sets the session ID.
   Parameter: when setting the session ID, $id is the value to set.
   Note: a session ID set with session_id($id) takes effect only in combination with session_start().

9. session_is_registered(string $name)

   Function: checks whether a session variable is registered.
   Parameter: $name is the session variable name.
   Return value: Boolean.
   Note: this function has been deprecated since PHP 5.3.0. We strongly recommend that you do not use it.

10. session_module_name([string $name])

    Function: sets or returns the name of the session storage module. By default it is files, which stores session data in the file system; when it is user, user-defined methods are used to store session data.
    Parameter: $name is the storage module name to set.
    Return value: string.

11. session_name([string $name])

    Function: sets or returns the name of the current session. The value is used as the session cookie name.
    Parameter: $name is the session name to set.
    Return value: string.

12. session_regenerate_id([bool $delete_old_session = false])

    Function: replaces the current session ID with a newly generated one and keeps the current session information.
    Parameter: $delete_old_session: if true, the old session ID is deleted; if false, the old session ID is not deleted.
    Return value: Boolean.

13. session_save_path([string $path])

    Function: sets or returns the save path of session data.
    Parameter: $path is the path to set.
    Return value: string.
    Note: effective only when session_save_path() is called before session_start().

14. session_set_cookie_params(int $lifetime [, string $path [, string $domain [, bool $secure = false [, bool $httponly]]]])

    Function: sets the session cookie parameters.
    Parameters:
      $lifetime: the validity period of the cookie, an integer in seconds.
      $path: the valid directory of the cookie.
      $domain: the valid domain of the cookie.
      $secure: if 1 or true, the cookie is valid only on HTTPS connections; if 0 or false, it is valid on both HTTP and HTTPS connections.
      $httponly: if 1 or true, the cookie is valid only for HTTP or HTTPS connections, which means scripting languages such as JavaScript cannot read it.
    Note: session_set_cookie_params() takes effect only in combination with session_start().

15. session_set_save_handler(callback $open, callback $close, callback $read, callback $write, callback $destroy, callback $gc)

    Function: sets the user-defined functions for session data storage.
    Parameters:
      $open(string $save_path, string $name)
        Function: opens the resource that stores session data.
        Parameters: two. The first is session.save_path, the path for storing session data; the second is session.name, the session name. Both are passed automatically by PHP.
        Return value: Boolean. true on success, false on failure.
      $close
        Function: closes the resource that stores session data.
        Parameters: none.
        Return value: Boolean. true on success, false on failure.
      $read(string $id)
        Function: reads session data.
        Parameters: one, the session ID, passed automatically by PHP.
        Return value: string. This function always returns a string, even if it is an empty string.
      $write(string $id, string $value)
        Function: writes session data.
        Parameters: two. The first is the session ID; the second is the session data to write. Both are passed automatically by PHP.
        Return value: Boolean. true on success, false on failure. Note that this function cannot produce output; to debug it, write the output to a file.
      $destroy(string $id)
        Function: destroys the session variables.
        Parameters: one, the session ID.
        Return value: Boolean. true on success, false on failure.
      $gc(int $lifetime)
        Function: clears expired sessions.
        Parameters: one, $lifetime, the value of session.gc_maxlifetime, that is, the validity period of the session.
        Return value: Boolean. true on success, false on failure.

16. session_start(void)

    Function: initializes the session.
    Parameters: none.
    Return value: Boolean. true on success, false on failure.
    Note: when creating a session page, you generally must first call session_start() to create the session. Because an HTTP header is sent when a session is created, there cannot be any output before session_start().

17. session_unset(void)

    Function: unsets all session variables.
    Parameters: none.
    Return value: none.
    Note: if $_SESSION is used, you can unset a single session variable with unset($_SESSION['name']). Do not try unset($_SESSION); this makes $_SESSION unavailable.

18. session_write_close(void)

    Function: writes the session data and ends the session.
    Parameters: none.
    Return value: none.
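A session lifecycle built from the functions listed above, as an added example that is not code from the original page. It assumes an HTTPS site; check_credentials() and the account it accepts are hypothetical stand-ins for a real user store.

```php
<?php
// Added example, not code from the original page.
// Assumptions: HTTPS site; check_credentials() is a hypothetical stand-in.

function start_secure_session(): void
{
    // Set before session_start(): session cookie (lifetime 0), whole site,
    // current host only, HTTPS only, hidden from JavaScript.
    session_set_cookie_params(0, '/', '', true, true);
    session_cache_limiter('nocache'); // keep session pages out of caches
    session_start();                  // no output may precede this call
}

function check_credentials(string $user, string $pass): bool
{
    // Constructed account for the demo; a real site looks the user up
    // and checks a stored hash with password_verify().
    return $user === 'alice' && hash_equals('constructed-password', $pass);
}

function login(string $user, string $pass): bool
{
    if (!check_credentials($user, $pass)) {
        return false;
    }
    // Issue a new ID at the privilege change and delete the old session,
    // so an ID that was known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    return true;
}

function logout(): void
{
    $_SESSION = []; // clear the variables; never unset($_SESSION) itself
    $p = session_get_cookie_params();
    // Expire the session ID cookie with the same path, domain and flags,
    // then remove the server-side session data.
    setcookie(session_name(), '', time() - 42000,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

start_secure_session();
$before = session_id();
$ok = login('alice', 'constructed-password');
$after = session_id();
logout();
echo $ok && $before !== $after ? "session ID rotated on login\n" : "login failed\n";
```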

 

 
