2018/04/21 Summary of Session and cookie knowledge in PHP

In the later work and study, but also found their own basic knowledge of the not solid, and then return to the head to learn, indeed a lot of things are not noticed before or not mastered.

Focus on these questions

--

What is a Cookie?

In simple terms:

Because HTTP is stateless, so in order to save some data on the client to interact with the server, we need to store some data on the client, that is, cookies.

How does PHP set cookies?

Take a look at the official PHP definition for setting the Cookie function

BOOL Setcookie (String $name [, String $value = "" [, int $expire = 0 [, String $path = "" [, String $domain = "" "[, BOOL $secure = False [, bool $httponly = false]]] []])

Describe the meaning of the parameters in Setcookie ()

　　The name of the Cookie is set by the $name , as the name implies.

　　$value Set the value of this Cookie.

　　$expire Sets the expiration time of the cookie, or if it is not set or empty, it means that the cookie is destroyed when the browser is closed.

Note that this time is the real end time, should be in your current time + expiration time to complete the unit in seconds.

For example:

Setcookie (' name ', ' Hong.li ', Time () + 7*24*3600); Expires one week after the current time.

　　$path Cookie is a valid server path. The default value is the current directory when the Cookie is set.

When set to '/' , the Cookie is valid for the entire domain name domain .

If set to '/foo/', the Cookie is only domain valid for the /foo/ directory and its subdirectories (such as /foo/bar/).

　　$domain set up cross-domain.

　　$secure whether to accept only HTTPS from the Cookie, the default is false;

　　$httponly Whether to accept only the HTTP protocol sent by the cookie, do not allow JS to directly manipulate the cookie, can effectively prevent XXS attacks, but also can be set in the php.ini.

--

In addition to Setcookie this method, there are other ways to set a cookie?

Yes, of course. One of the other functions of PHP setting cookies

BOOL Setrawcookie (String $name [, String $value [, int $expire = 0 [, String $path [, String $domain [, bool $secure = f Alse [, bool $httponly = FALSE]]]]

The only difference between it and Setcookie is that Setcookie will urlencode encode the value, and he won't.

The second way is to send an HTTP header directly, specifying Set-cookie, in the browser, will think you are setting the cookie property

Let's see if your browser has this Cookie.

--

How do I delete cookies that we have set up?

Browser manual removal, haha ~

Cookies are deleted when the cookie is set to expire directly via PHP.

--

Already have a Cookie can set the information, we still use the SESSION what?

We all know that a Cookie exists on the client side. Is easy to tamper with, and also can not use a client's credentials to determine the user identity bar.

Pull away ...

In short, the use of Cookie information is far from enough, the SESSION is a service side of a storage state.

--

What is the SESSION principle?

After the session is started, the browser accesses this page.

1: The server will detect if there is a SESSION.

2: If not, a random phpsessid is generated, and a cookie is sent automatically, which disappears after closing the browser.

3: If there is, read the corresponding SESSION information.

--

How do I use the session?

In PHP we first need to initialize the SESSION.

Session_Start ();

You can then add the $_session to this global variable or our values.

$_session[' username '] = ' hong.li ';

Then we can take the corresponding value.

It is important to note that while we are using the default Cookie, we have saved the session_id information, but this information will disappear after closing the browser, and we obviously do not want to do so. So we're going to use setcookie here to set up our information.

Setcookie (' username ', ' hong.i ', Time () +3600);

--

2018/04/21 Summary of Session and cookie knowledge in PHP