Session is a conversational technology that is based on cookies and is more secure than cookies.
1.session principle
, the session will send a session ID to the client, and at the same time set up a session data area on the server, the client submits the session ID at the request, and the server finds it in the session data area through the session ID. The client only has a session ID, it has a certain timeliness, the important information is still stored on the server, so the session will be more secure.
2. Operation of the session
session_set.php
<?php//define the storage path of session data file, the default is C:\Windows\temp under WindowsSession_save_path (GETCWD (). Directory_separator.' temp '); @session_start ();EchoSESSION_ID ().";//Add$_session[' name '] =' Tom ';$_session[' age '] = +;$_session[' height '] =75.5;$_session[' edu '] =' Primary School ';//Modify$_session[' age '] = A;//ReadVar_dump ($_session);//Deleteunset($_session[' edu ']);Echo "; Var_dump ($_session);?>
Take a look at the file where the session holds the data:
The contents of the session data area are saved by the serialized string, then deserialized when read, and the session supports a variety of data type storage, while the cookie only supports string.
Client cookie property settings in 3.seesion
The session is cookie-based and must have a session ID cookie stored on the client, and the server can set the cookie's properties to tell the browser how to generate the cookie:
<?php//defines the storage path for the session data file, which is C:\Windows\tempsession_save_path (GETCWD () by default under Windows. Directory_separator.' temp '); Session_name ("Myphpsessid")///Set Session_cookie name, default is phpsessid/** *session_Set_cookie_params ($lifetime,$path,$domain,$secure,$httponly) *$lifetimeint sets the validity period of the client cookie, at the end of the default session *$pathString to set a valid path for the cookie, by default'/', Optional Parameters *$domainString set valid field, optional parameter *$secureBoolean whether to send cookies only under HTTPS defaultfalse, Optional Parameters *$httponlyBoolean whether cookies are used only in HTTP defaultfalse, optional parameter *///set cookie expiration date -SEC Session_Set_cookie_params ( -,'/','. phpcode.com ',false,false); @session_start ();EchoSESSION_ID ().";$_session[' name '] =' Tom ';? >
Note: The session_set_cookie_params must be set before Session_Start ().
4.session Data area garbage collection settings
Data in session data area with the user's access to the server will generate more and more garbage data, so there must be garbage scanning and garbage cleanup. Of course, the server can not always go to scan which data is out of date, so the server loss is very large, so it must be a certain probability to trigger, to determine that the garbage will be cleaned out.
<?phpSession_save_path (GETCWD (). Directory_separator.' temp ');//Set cookie valid for 60 secondsSession_set_cookie_params ( -,'/','. phpcode.com ',false,false) ;//Set to server being requested 3 times 1 times may trigger GC for garbage collectionIni_set (' session.gc_probability ',' 1 '); Ini_set (' Session.gc_divisor ',' 3 ');//default 1440 seconds after the garbage (last write + 1440 seconds), GC, the session ID corresponding to the session data area deleted//Set to 10 seconds after garbageIni_set (' Session.gc_maxlifetime ',' Ten '); @session_start ();Echosession_id ();$_session[' name '] =' Tom ';Echo "; Var_dump ($_session);?>
The following two parameters are set to trigger the probability of a garbage scan
ini_set (' session.gc_probability ', ' 1 ');
ini_set (' Session.gc_divisor ', ' 3 ');
Set how long it takes to be garbage and can be recycled
Ini_set (' Session.gc_maxlifetime ', ' 10 ');
5. How to disable cookies using the session
<?php//define the storage path of session data file, the default is C:\Windows\temp under WindowsSession_save_path (GETCWD (). Directory_separator.' temp ');//Set the following two items before Session_StartIni_set (' Session.use_only_cookies ',' 0 '); Ini_set (' Session.use_trans_sid ',' 1 '); @session_start ();Echosession_id ();//Add$_session[' name '] =' Tom ';Echo "; Var_dump ($_session);Echo ";include ' show.html ';?>
Show.html
<! DOCTYPE html><html> <head> <meta charset="UTF-8"> <title>Insert Title here</title> </head> <body> <a href=' session_get_no_cookie.php '>Forbidden Cookies</a> <form Method="POST" action="session_get_no_cookie.php"> <input type="Submit" value="Submit"/> </form> </body></html>
session_get_no_cookie.php
<?php // Defines the storage path for the session data file, which is C:\Windows\temp Session_save_path (GETCWD () by default under Windows. Directory_separator. ); if (isset ($_get [])) {session_id ($_get [ ' PHPSESSID ' ]);} else if (isset ($_post [])) {session_id ($_post [ PHPSESSID ' ]);} echo session_id (). ; session_start (); Var_dump ($_session );
6.session How to persist
In general, the session does not advocate persistence.
If you want to persist, set the following:
session_set_cookie_params(PHP_INT_MAX);ini_set(‘session.gc_maxlifetime‘, PHP_INT_MAX);#注意一定要在session_start前设置!!
7.session and cookie differences and links
Contact:
Session is stored in a cookie based on Cookie,session-id, the cookie data is stored on the client browser, and the session main data is placed on the server.
Difference:
The session of PHP