Reposted from https://www.cnblogs.com/blueskycc/p/5524709.html?tdsourcetag=s_pcqq_aiomsg
HTTP is the protocol that web servers and clients (browsers) use to communicate, and it is a stateless protocol. Stateless means that no data is maintained between HTTP requests: each request is independent and non-persistent. As web applications grow more complex, they need to save some user state information, and sessions emerged to meet that need. PHP supports session management from 4.1 onwards.
Session Storage
First, the reason we need a session is that we need to store state data for each user.
The default mechanism implements the PHP session using files on disk. php.ini configuration: session.save_handler = files
Session Execution Process
1. session_start()
A. session_start() is the start of the session mechanism. It has a certain probability of triggering garbage collection. Because sessions are stored in files,
PHP's own garbage collection does not apply; collecting a session means deleting its file. The probability is set in php.ini.
Some systems set session.gc_probability = 0, which makes the probability 0, and use a cron script for garbage collection instead.
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440 ; expiration time, default 24 minutes
The probability is session.gc_probability / session.gc_divisor, here 1/1000.
It is not recommended to set the divisor too small, because session garbage collection has to check every file to see whether it has expired.
session.save_path = ; the default seems to differ between systems; one possible setting is "N;/path"
This is random tiered storage. With this setting garbage collection will not work, and you need to write your own script.
B. session_start() checks whether $_COOKIE[session_name()] currently exists; session_name() returns the cookie key that holds the session_id.
This value can be found in php.ini:
session.name = PHPSESSID ; default value PHPSESSID
C. If it does not exist, PHP generates a session_id and passes it to the client as the value of the cookie.
This is equivalent to performing the following cookie operation. Note that this step performs a setcookie() operation, and the cookie is sent in the header,
so there must be no output before this. PHP has another function, session_regenerate_id(); if you use it, there must also be no output beforehand.
setcookie(
    session_name(),
    session_id(),
    (int) ini_get('session.cookie_lifetime'), // default 0
    ini_get('session.cookie_path'),           // default '/', valid for the current program and directory
    ini_get('session.cookie_domain')          // default is empty
);
D. If it exists, then session_id = $_COOKIE[session_name()];
PHP then goes to the folder specified by session.save_path and looks for the file named 'sess_' . session_id().
The contents of the file are read, deserialized, and placed in $_SESSION.
2. Assigning values to $_SESSION
For example, add a new value: $_SESSION['test'] = 'blah'; This $_SESSION value is only maintained in memory. When script execution finishes,
the value of $_SESSION is written to the file specified by session_id, and the related resources are closed. At this stage it is possible to change the session_id,
for example destroying an old session_id and creating a new one. This is generally used in custom session operations and role changes.
For example, in Drupal an anonymous user has a session, and when the user logs in, it needs to be replaced with a new session_id:
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time() - 42000, '/'); // expire the old session cookie
}
session_regenerate_id(); // this step generates a new session_id
session_id() now returns the new value.
3. Session write operation
At the end of the script the session write operation is performed: the value of $_SESSION is written to the file named after the session_id. The file may already exist,
or a new file may need to be created.
4. Destroying the session
The cookie sent for the session is usually a transient cookie that is stored in memory and expires when the browser is closed. If it has to be expired manually,
for example when the user logs out instead of closing the browser, you need to destroy the session in code. There are several ways:
1. setcookie(session_name(), session_id(), time() - 8000000, ..); // execute before logging out
2. unset($_SESSION); // this deletes all the $_SESSION data; after a refresh the cookie is still passed, but there is no data
3. session_destroy(); // this function is more thorough: it deletes $_SESSION, the session file, and the session_id
If the browser is not closed and the page is refreshed again, with 2 and 3 the cookie is still passed, but no data is found.
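The session_id replacement at login (step 2) and the teardown at logout (step 4), combined into one runnable pair. This is an added example, not code from the original post; login_user(), logout_user() and session_file() are hypothetical names, and the demo assumes the default files handler with a flat save_path.

```php
<?php
// Added example, not code from the original post.
// login_user(), logout_user() and session_file() are hypothetical helper names.

function session_file(string $id): string
{
    // The default "files" handler stores each session as <save_path>/sess_<id>.
    return rtrim(session_save_path(), '/') . '/sess_' . $id;
}

function login_user(int $userId): void
{
    // Passing true deletes the old session file as well, so the pre-login ID
    // stops working at once instead of lingering until garbage collection.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function logout_user(): void
{
    $_SESSION = [];                        // drop the data held in memory
    if (ini_get('session.use_cookies')) {  // expire the cookie with the params it was set with
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                     // delete the sess_<id> file
}

// Constructed demo flow; run from the CLI. Results are printed last because
// cookies are sent as headers and must precede any output.
session_save_path(sys_get_temp_dir());
session_start();
$anonId = session_id();                    // ID held by the anonymous visitor
login_user(42);
$userId = session_id();
$oldGone = !file_exists(session_file($anonId));
logout_user();
$newGone = !file_exists(session_file($userId));

printf("ID changed at login: %s\n", $anonId !== $userId ? 'yes' : 'no');
printf("pre-login file removed: %s\n", $oldGone ? 'yes' : 'no');
printf("file removed at logout: %s\n", $newGone ? 'yes' : 'no');
```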
Summary:
1. When a user logs out of the web application, the best calls to make are session_unset(); session_destroy(); unset($_SESSION);
2. Prefer writing keys and values directly into $_SESSION; using session_register() is not recommended. Similarly, use unset($_SESSION['var']) wherever possible rather than session_unregister().
3. For web applications that can generate a large number of sessions, the recommended format for session.save_path is session.save_path = "N;/path". Note: these directories need to be created manually, and the owner of the httpd daemon process needs write permission on them. This gives better performance.
4. If session_regenerate_id() is called, a new session ID is assigned to the user. The function does not actively delete the old session file, so the old session files need to be cleaned up regularly, which is better optimized.
5. Try not to use session_commit() to submit session data, because it also ends the current session; by default PHP writes the session data to the session file at the end of the page life cycle.
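For the tiered save_path layout, where garbage collection does not work and a script has to do the cleanup, a cron-style purge could look like the following. This is an added example, not code from the original post; purge_expired_sessions() is a hypothetical helper, and the directory tree in the demo is constructed.

```php
<?php
// Added example, not code from the original post.
// purge_expired_sessions() is a hypothetical helper meant to be run from cron.

function purge_expired_sessions(string $root, int $maxLifetime): int
{
    $now = time();
    $removed = 0;
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        // Only regular files with the files handler's "sess_" prefix; never follow symlinks.
        if ($file->isLink() || !$file->isFile()) {
            continue;
        }
        if (strncmp($file->getFilename(), 'sess_', 5) !== 0) {
            continue;
        }
        // A session is stale when its file has not been modified for longer
        // than the lifetime that session.gc_maxlifetime expresses.
        if ($now - $file->getMTime() > $maxLifetime && unlink($file->getPathname())) {
            $removed++;
        }
    }
    return $removed;
}

// Constructed demo tree standing in for a two-level save_path such as "2;/path".
$root = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4));
mkdir("$root/a/b", 0700, true);
touch("$root/a/b/sess_stale", time() - 3600); // idle for an hour
touch("$root/a/b/sess_fresh");                // just written
touch("$root/a/b/keep.txt", time() - 3600);   // old, but not a session file

$removed = purge_expired_sessions($root, 1440); // 1440 s, the default lifetime on this page
printf("removed %d file(s); fresh session kept: %s\n",
    $removed, file_exists("$root/a/b/sess_fresh") ? 'yes' : 'no');
```

Run it as the user that owns the session directories, so the script cannot delete anything outside what the web server itself could write.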