Understanding and analyzing the PHP session mechanism from the manual

Source: Internet
Author: User
Tags php session cron script drupal

Session. save_handler = files
1. session_start ()

Session_start () is the beginning of the session mechanism. It has a certain probability to enable garbage collection because the session is stored in the file and PHP's garbage collection is invalid, the SESSION is recycled to delete files. This probability is based on php. ini configuration depends, but some systems are session. gc_probability = 0, which means the probability is 0, but garbage collection is implemented through the cron script.Copy codeThe Code is as follows: session. gc_probability = 1
Session. gc_divisor = 1000
Session. gc_maxlifetime = 1440 // The default expiration time is 24 minutes.
// The probability is session. gc_probability/session. gc_divisor. Result 1/1000,
// It is not recommended to set too small because session garbage collection requires checking whether each file has expired.
Session. save_path = // It seems that different systems have different default values. One of the following settings is "N;/path"
// This is a random Hierarchical Storage. In this case, garbage collection does not work and you need to write your own scripts.

Session checks whether $ _ COOKIE [session_name ()]; session_name () returns the COOKIE key value for saving session_id. This value can be obtained from php. ini finds the session. name = PHPSESSID // default value: PHPSESSID

If it does not exist, a session_id is generated, and the generated session_id is passed to the client as the COOKIE value. the following COOKIE operation is performed. Note that the setcookie () operation is performed in this step. The COOKIE is sent in the header, which cannot be output before, PHP has another function session_regenerate_id (). If this function is used, no output is available.Copy codeThe Code is as follows: setcookie (session_name (),
Session_id (),
Session. cookie_lifetime, // The default value is 0.
Session. cookie_path, // The default '/' is valid in both the current program and directory.
Session. cookie_domain, // null by default
)

If yes, session_id = $ _ COOKIE [session_name]; then, find the file named 'sess _ '. session_id () in the folder specified by session. save_path. Read the file content deserialization and put it in $ _ SESSION.

2. assign a value to $ _ SESSION

For example, if a new value $ _ SESSION ['test'] = 'blah' is added, this $ _ SESSION will only be maintained in the memory. When the script execution ends, write the $ _ SESSION value to the folder specified by session_id, and then close related resources.

In this phase, you may change the session_id, for example, destroy an old session_id and generate a new session_id. half is used for custom session operations and role conversion, such as Drupal. anonymous Users of Drupal have a SESSION. After logon, they need to replace the New session_id.Copy codeThe Code is as follows: if (isset ($ _ COOKIE [session_name ()]) {
Setcookie (session_name (), '', time ()-42000, '/'); // The old session cookie expires.
}
Session_regenerate_id (); // This step generates a new session_id
// Session_id () returns a new value.

3. Write SESSION

At the end of the script, the SESSION write operation will be executed to write the $ _ SESSION value to the session_id named file, which may already exist and may need to be created.

4. Destroy the SESSION

The COOKIE sent by the SESSION is generally an instant COOKIE, which is stored in the memory and will expire only when the browser is closed. If the user needs to forcibly expire, such as logging out, rather than closing the browser, the SESSION needs to be destroyed in the Code. There are many methods:

Setcookie (session_name (), session_id (), time ()-8000000,...); // execute before logging out
Usset ($ _ SESSION); // This will delete all $ _ SESSION data. After refreshing, a COOKIE is sent, but no data exists.
Session_destroy (); // This function is more thorough. Delete $ _ SESSION to delete the session file and session_id.
If the browser is not closed, refresh again. Cookies are sent from both 2 and 3, but no data is found.

Session. save_handler = user
User-Defined session processing mechanism, more intuitive session_set_save_handler ('open', 'close', 'read', 'write', 'deststroy', 'gc ');

Session_start (): Execute open ($ save_path, $ session_name) to open the session operation handle. $ Save_path in the case of session. save_handler = files, it IS session. save_path. However, if you do not use these two parameters, TRUE is returned directly. Execute read ($ id) to read data from it. // this parameter is automatically passed as session_id () and can be operated through this value.

The script execution is complete. Run the write ($ id, $ sess_data) // two parameters, which are very simple.

If the user needs session_destroy (), run destroy first, and then perform step 2.

An example:Copy codeThe Code is as follows: // called during SESSION Initialization
Function open ($ save_path, $ session_name)
{
Global $ sess_save_path;
$ Sess_save_path = $ save_path;
Return (true );
}

// Called when disabled
Function close ()
{
Return (true );
}

Function read ($ id)
{
Global $ sess_save_path;
$ Sess_file = "$ sess_save_path/sess _ $ id ";
Return (string) @ file_get_contents ($ sess_file );
}
// Execute the write operation before the script execution ends.
Function write ($ id, $ sess_data)
{
Echo "sdfsf ";
Global $ sess_save_path;

$ Sess_file = "$ sess_save_path/sess _ $ id ";
If ($ fp = @ fopen ($ sess_file, "w ")){
$ Return = fwrite ($ fp, $ sess_data );
Fclose ($ fp );
Return $ return;
} Else {
Return (false );
}

}

Function destroy ($ id)
{
Global $ sess_save_path;

$ Sess_file = "$ sess_save_path/sess _ $ id ";
Return (@ unlink ($ sess_file ));
}

Function gc ($ maxlifetime)
{
Global $ sess_save_path;

Foreach (glob ("$ sess_save_path/sess _ *") as $ filename ){
If (filemtime ($ filename) + $ maxlifetime <time ()){
@ Unlink ($ filename );
}
}
Return true;
}

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.