Phpsession working principle analysis

Session is a global variable of the server. Why can it switch between different pages without losing data or saving data on the client? let's take a look at the working principle of session and

Session is a global variable of the server. Why can it switch between different pages without losing data or saving the data on the client? let's take a look at the working principle and usage of the session.

As we all know, http is a stateless protocol. Simply put, the web server does not know who is connected to it. to meet the needs of selective information sending, many extensions have been made based on http to achieve this goal, such as digital signatures, cookies, and sessions.

How can a web server or web program know who is connected now? To solve this problem, we first need to establish a one-to-one correspondence between the server and the client. below I will capture the http content to illustrate how this correspondence is established.

I am using an http packet sniffing tool called httplook, and then create a test under the root directory of the local web server. php file address: http: // localhost/test. php. after everything is ready, I open this page repeatedly through a browser. the code is as follows:

2. Session_start ();
3. If (isset ($ _ SESSION ['test _ sess']) {
4. $ _ SESSION ['test _ sess'] ++;
5. } Else {
6. $ _ SESSION ['test _ sess'] = 0;
7. }
8. Echo $ _ SESSION ['test _ sess'];
9. ?>;

The following are the information sent to the server and the information returned by the server.

Reference: The original post is published by "first request server,The code is as follows:

1. GET/test. php HTTP/1.1
2. Accept :*/*
3. Referer: http: // localhost/
4. Accept-Language: zh-cn
5. Accept-Encoding: gzip, deflate
6. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon;. net clr 1.1.4322)
7. Host: localhost
8. Connection: Keep-Alive

Reference: The original post is published by "the first time the server returns". the code is as follows:

1. HTTP/1.1 200 OK
2. Date: Fri, 26 Aug 2005 07:44:22 GMT
3. Server: Apache/2.0.54 (Win32) SVN/1.2.1 PHP/5.0.4 DAV/2
4. X-Powered-By: PHP/5.0.4
5. Set-Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3; path =/
6. Expires: Thu, 19 Nov 1981 08:52:00 GMT
7. Cache-Control: no-store, no-cache, must-revalidate, post-check = 0, pre-check = 0
8. Pragma: no-cache
9. Content-Length: 1
10. Keep-Alive: timeout = 15, max = 99
11. Connection: Keep-Alive
12. Content-Type: text/html; charset = utf-8
13. Content-Language: Off

Reference: The original post is published by "second request server". the code is as follows:

1. GET/test. php HTTP/1.1
2. Accept :*/*
3. Referer: http: // localhost/
4. Accept-Language: zh-cn
5. Accept-Encoding: gzip, deflate
6. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon;. net clr 1.1.4322)
7. Host: localhost
8. Connection: Keep-Alive
9. Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3

Reference: The original post is published by "second server return". the code is as follows:

1. HTTP/1.1 200 OK
2. Date: Fri, 26 Aug 2005 07:44:23 GMT
3. Server: Apache/2.0.54 (Win32) SVN/1.2.1 PHP/5.0.4 DAV/2
4. X-Powered-By: PHP/5.0.4
5. Set-Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3; path =/
6. Expires: Thu, 19 Nov 1981 08:52:00 GMT
7. Cache-Control: no-store, no-cache, must-revalidate, post-check = 0, pre-check = 0
8. Pragma: no-cache
9. Content-Length: 1
10. Keep-Alive: timeout = 15, max = 98
11. Connection: Keep-Alive
12. Content-Type: text/html; charset = utf-8
13. Content-Language: Off

By carefully comparing these outputs, the second request is more than the first request:

Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3

This header will send a cookie to the server, telling the server that there is a cookie named PHPSESSID with the content bmmc3mfc94ncdr15ujitjogma3.

How does this cookie come from? The information returned by the first server includes:

Set-Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3; path =/

This is a cookie written by the server to the client browser. The name is PHPSESSID and the value is bmmc3mfc94ncdr15ujitjogma3. The value is actually the so-called session_id.

The second request sent to the server still sends the PHPSESSID cookie to the server.

Next let's take a look at session usage.

Session usage in php: the session in PHP uses the client Cookie by default. when the client Cookie is disabled, it is automatically passed through Query_String.

Php processes a total of 11 session functions. we will introduce several functions in detail.

1. session_start

Function: start a session or return an existing session.

Function prototype: boolean session_start (void );

Return value: Boolean

Function description: This function has no parameters and returns true. It is best to place this function first, and there cannot be any output before it, otherwise an alarm will be triggered, such as: Warning: cannot send session cache limiter-headers already sent (output started at/usr/local/apache/htdocs/cga/member/1.php: 2) in/usr/local/apache/htdocs/cga/member/1.php on line 3

2. session_register

Function: registers a new variable as a session variable.

Function prototype: boolean session_register (string name );

Return value: Boolean value.

Function description: This function adds a variable to the current SESSION in the global variable. the parameter name is the name of the variable to be added. if it succeeds, the logical value true is returned, you can use $ _ SESSION [name] or $ HTTP_SESSION_VARS [name] to set values or assign values.

3. session_is_registered

Function: checks whether a variable is registered as a session variable.

Function prototype: boobean session_is_registered (string name );

Return value: Boolean

Function description: This function checks whether a specified variable has been registered in the current session. the parameter name is the name of the variable to be checked. If the call succeeds, the logical value true is returned.

4. session_unregister

Function: Delete a registered variable.

Function prototype: boolean session_session_unregister (string name );

Return value: Boolean

Function description: This function deletes the variables in the global variables in the current session. The parameter name is the name of the variable to be deleted. if it is successful, true is returned.

5. Session_destroy

Function: ends the current session and clears all resources in the session.

Function prototype: boolean session destroy (void );

Return value: Boolean value.

Function description: This function ends the current session. this function has no parameters and returns true.

The functions described above will be used in the following sections, but there are also some functions related to the session:

6. session_encode

Function: sesssion information encoding

Function prototype: string session_encode (void );

Return value: string

Function description: the returned string contains the names and values of each variable in the global variable, in the form of a | s: 12: "it is a test"; c | s: 4: "lala"; a is the variable name s: 12 represents the value of variable a "it is a test the length is 12 variables are separated by semicolons.

7. session_decode

Function: decodes sesssion information.

Function prototype: boolean session_decode (string data)

Return value: Boolean

Function description: This function decodes session information. if the session information is successful, the logical value true is returned.

8. session_name

Function: Access the current session name.

Function prototype: boolean session_name (string [name]);

Return value: string

Function description: This function can obtain or reset the name of the current session. If the parameter name is not set, the current session name is obtained. if the parameter is added, the session name is set to the parameter name.

9. session_id

Function: Access the ID of the current session.

Function prototype: boolean session_id (string [id]);

Return value: string

Function description: This function can obtain or reset the ID number of the currently stored session. If no parameter id is specified, only the id of the current session is obtained. if a parameter is added, the id of the session is set to the new id.

10. session_unset

Function: delete all registered variables.

Function prototype: void session_unset (void)

Return value: Boolean

Function description: Unlike Session_destroy, this function does not end a session. Just like using the session_unregister function to cancel all session variables one by one

The following conclusions can be obtained:

1. if session is used, the session will be sent to the client browser through cookie.

2. each time a request is sent to the server, the local browser attaches the cookie to the request information.