Understanding session control in PHP and PHP session control

Understanding session control in PHP and PHP session control

Session control is a communication method that tracks users. session control is mainly based on the following: Due to the stateless nature of http, the association between two requests cannot be established through the Protocol; for the data transmission methods get and post between pages, the transmission of parameters and data input are mainly used for simple data transmission between pages, for a user's multiple pages on the website, different types of data may have different permissions, resulting in different pages and different operation methods, using get and post is cumbersome.

1. cookie Method

To track users, users must be marked. The cookie idea is that when a user accesses the first page of the website, web servers store text files on users' computers. These files are called cookies and stored as key-value pairs, when a user accesses the second page of the website, the user accesses the server with the information contained in the cookie file through the http header and verifies the user information again, this avoids entering user information for each access and determines whether the access between multiple pages is the same user.

Function for setting information to cookie: setcookie ($ key, $ value, $ expire, $ path, $ domain, $ secure ).

The following parameters are used in sequence: Key, value, expiration time (UNIX timestamp. The default value is 0, indicating that the cookie disappears when the browser is disabled), and the path for accessing the cookie, after setting, scripts in this path on the server can access the cookie (the default is the root directory) and the domain name that accesses the cookie, only the domain name (such as www.example.com) the website page under can access the cookie, whether it is an https secure connection to enable the cookie.

For example, some information is recorded after a form is submitted through post.

<? Php if (isset ($ _ POST) {$ time = time (); setcookie ('user', $ _ POST ['user'], $ time + 3600 ); // The time parameter must be greater than the current time point to indicate the effective time of cookie information. setcookie ('data', array (1200, 3), $ time + ); // can store various types of data}

After the cookie is successfully saved, you can directly connect to $ _ COOKIE to obtain this value in the global array with the key name. This is very convenient, for example, echo $ _ COOKIE ['user']. Basic data types are supported.

The deletion of a cookie is still performed through setcookie. It is best to write the time in advance or directly write a key name, such as this operation when the user clicks and exits.

Setcookie ('user', '', time ()-200); // time in advance, relative to the current time setcookie ('user'); // abbreviation, write only the key name

2. session Mode

Session is similar to cookie, but the information is stored on the user end. Now it is saved to the server, but an id is generated on the user end. By default, this id is saved to the user's local cookie, so the session is related to the cookie again. In this way, when the user accesses the web server for the first time, the information is stored on the web server, and a fixed-length string (session id) is randomly assigned to the user. Later, the user will visit other pages, with this id, you can find the corresponding user data in the server, so you can track the user. The session using cookie is called a cookie-based session.

However, users can set the browser to disable cookies (though this is generally not the case). Some websites will force users to enable cookies after detecting the disabled cookies, but this situation exists, in this way, the cookie-based method does not work. In this case, it can be passed by a get form with a session id after the URL. Of course, it can also be passed through http post.

Session usage

First, start a session with session_start. Note: For such network functions, no output is allowed before it, even if it is <? Php identifiers do not have spaces before them (the output must be controlled by ob_start () and output to the cache first ). (Note: Sometimes session_start () will report a warning, which will be discussed later)

Then, register the SESSION variable, that is, to access user information or useful data. You do not need to use any function to directly store the $ _ SESSION ultra-Global Array, for example, if $ _ SESSION ['user'] =$ _ POST [['user'], the data will be saved to a file on the server, of course, it may also be in the cache (memcache, redis.

When you jump to other pages, you must enable the session on other pages. The session is still session_start (). If the session is enabled, this function returns the current session. If not, it is enabled again.

Finally, the user exits or destroys the dialog for some reason and cancels these variables. Take the following four steps:

1. When you enable the session first or jump to another page, the existing session is returned again. Make sure that no output is provided.

Session_start (); // enable or return a session

2. Clear the related variables in the $ _ SESSION array.

Unset ($ _ SESSION ['Robert ']) // destroy a variable $ _ SESSION = array (); // or destroy all SESSION variables at a time

3. Clear the cookie stored on the client. Do not forget that the session id is still on the user's computer.

If (isset ($ _ COOKIE [session_name ()]) {unset ($ _ COOKIE [session_name ()]); // session_name () Get the sesion name, session id is also stored in the form of name and value}

4. completely destroy the information stored on the server

Session_destroy ();

After four steps, a session is completed.

3. The basic steps for using session control are as follows:

1) Start a session

You can call the session_start () function. For more information about the function, see the PHP documentation. Note that this function must be called at the beginning of the session script. If not, all information stored in this session cannot be used in the script. In addition to manually calling the session_start () function, you can also automatically configure PHP to automatically call the function.

2) register a session variable

After PHP4.1, SESSION variables are stored in the super Global Array $ _ SESSION. To create a SESSION variable, you only need to set an element in the array, such as $ _ SESSION ['myvar '] = 5;

3) Use a session variable

It is easy to use a SESSION variable. Use the $ _ SESSION array to access the saved SESSION variable, for example, echo $ _ SESSION ['mywar ']; 5 is printed. Before using a session, you must use the session_start () function to start a session.

4) log out of variables and destroy sessions

You can simply use unset to cancel a variable, such as unset ($ _ SESSION ['myvar']). You can use unset ($ _ SESSION) to destroy all SESSION variables at a time ); after a session is used, you should first cancel all the variables and then call session_destroy () to clear the session ID.