_php tutorial on the session mechanism in PHP

1, the generation mechanism of the session in PHP

Let's start by analyzing how a session is generated in PHP. The purpose of the session is to maintain the various states of each user to compensate for the lack of HTTP protocol (stateless). We now have a question, we all know that the session is saved on the server, since it is used to maintain the state of each user what does it use to differentiate users? This is the time to use cookies. When we call Session_Start () in the code, PHP generates a file for each of the session's directory (the default is/tmp/) and the client's cookie directory. The session file name looks like this:

The format is Sess_{sessionid}, when there is nothing in the session file, when we are in session_start (), add these two lines of code:

$_session[' name '] = ' wanchun0222 ';

$_session[' blog ' = ' coderbolg.com ';

The file then has the content:

Name|s:11: "wanchun0222"; blog|s:13: "Coderbolg.com";

Then look at the cookie:

Can see the server for us automatically generated a cookie,cookie name called "Phpsessid", the cookie content is a string of characters, in fact, this string of characters is {SESSIONID}. Perhaps you already understand that when we use the session, PHP will be a unique SessionID number (such as 2bd170b3f86523f1b1b60b55ffde0f66), and then in our server's default directory to generate a file, the file name is Sess_ {SESSIONID}, while generating a cookie on the current user's client, the content has already been said. In this way, PHP generates a SessionID for each user, i.e. a session file for a user. When PHP first uses the session for a user, it writes a cookie to the client, and when the user accesses it, the browser takes the cookie,php and reads the SessionID in the cookie. Take this sessionid to the session directory to find the session file. When it is found, it is displayed when the $_session[' blog ' is called.

2, the expiration of the session in PHP recovery mechanism

We understand how the session is generated and how it works, and found that there will be many session files in the Session directory. Of course, these files must not always exist, PHP must provide an outdated recovery mechanism. In PHP.ini, Session.gc_maxlifetime set the time to live for the session (default is 1440s). If the last update time of the session file is now more than the lifetime, the session file is considered to be out of date. In the next session, the recovered

The time will be removed. When is the next time the session is recycled? This is related to the number of PHP requests. In PHP internal mechanism, when PHP is requested n times, there will be a trigger recovery mechanism. Exactly how many times a request is triggered is controlled by the following two parameters:

session.gc_probability = 1

Session.gc_divisor = 100

This is the default setting for PHP.ini, which means that every 100 PHP requests are recycled at one time. The probability is gc_probability/gc_divisor. We understand the server-side session expiration mechanism, and then look at the client's cookie expiration mechanism.

If the cookie fails, the browser will naturally not be able to send cookies to the server, even if the server session file exists, because PHP does not know which session file to read. We know that PHP's cookie expiration is set at the time of creation, so how long does PHP create a cookie for the client while creating the session? This is set in php.ini: Session.cookie_lifetime. This value defaults to 0, which means that the browser shuts down SessionID. That means that if we set the Session.gc_maxlifetime and Session.cookie_lifetime to the same value, we can control the expiration time of the session.

3, the client storage mechanism of session in PHP

We know from the above that if the user closes the cookie, then our session will be completely out of work. Yes, that's true. Is the client storage mechanism of session in PHP only a cookie? No. Since our SessionID cannot be passed to each page through cookies, we have another magic weapon, that is, the way to pass the value of the page get.

PHP can automatically pass sessionid across pages when a cookie is disabled, provided the session.use_trans_sid of the php.ini is set to 1. When we use the session when we disable cookies on the client, and when the current page is clicked to link to another page, PHP automatically adds the SessionID parameter to the link, like this: nextpage.php? Sessionid=2bd170b3f86523f1b1b60b55ffde0f66. I think you should see the disadvantage of this way: it seems not safe enough.

: Reprinted from: Blue Hawaii

http://www.bkjia.com/PHPjc/478552.html www.bkjia.com true http://www.bkjia.com/PHPjc/478552.html techarticle 1, the generation mechanism of the session in PHP let us first analyze how to generate a session in PHP. The purpose of the session is to maintain the various states of each user to compensate for the HTTP protocol ...

