This article introduces how Laravel handles the SessionID, walking through sample code in detail. It should be a useful reference for study or work; readers who need it can follow along below.
Objective
This article covers how Laravel handles the SessionID and is shared here for reference and study. Without further ado, let's look at the details.
The session cookie name can be set in the Laravel configuration file config/session.php. In this project, for example, the name is set to "sns_session":
/*
|--------------------------------------------------------------------------
| Session Cookie Name
|--------------------------------------------------------------------------
|
| Here you may change the name of the cookie used to identify a session
| instance by ID. The name specified here will get used every time a
| new session cookie is created by the framework for every driver.
|
*/
'cookie' => 'sns_session',
Refresh the page and look at the cookies: there is a cookie named sns_session, which is the custom name we configured.
This SessionID is the bridge between the cookie and the session: the server uses it to determine which client a request comes from.
The Laravel SessionID changes on every refresh
However, each time you refresh the page, the cookie value changes. If the SessionID is always changing, how does the server keep the session alive?
Laravel encrypts cookies
Let's debug the save method in vendor/laravel/framework/src/Illuminate/Session/Store.php and print the call stack there:
/**
 * {@inheritdoc}
 */
public function save()
{
    $this->addBagDataToSession();
    $this->ageFlashData();
    $this->handler->write($this->getId(), $this->prepareForStorage(serialize($this->attributes)));
    $this->started = false;
    // Debugging only: dump the top 5 frames of the call stack
    dd(debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT, 5));
}
Each time the page is refreshed, the id attribute of the Store object is actually unchanged, and this attribute is the value of the SessionID cookie. In other words, the SessionID itself does not change on every request; the value is changed when the cookie is written.
The cause is in the encrypt method of vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php: this middleware encrypts the value of every cookie, and it is included in the web middleware group.
protected function encrypt(Response $response)
{
    foreach ($response->headers->getCookies() as $cookie) {
        if ($this->isDisabled($cookie->getName())) {
            continue;
        }
        $response->headers->setCookie($this->duplicate(
            $cookie, $this->encrypter->encrypt($cookie->getValue())
        ));
    }
    return $response;
}
This encryption produces a different result every time it runs, so the SessionID cookie value appears to change on each request even though the underlying ID has not changed. The cookie is decrypted when its value is needed.
Laravel is designed this way to prevent session hijacking. The framework's considerations are quite comprehensive.
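The behaviour described above, as an added example that is not code from the article or from Laravel: a simplified sketch in which each encryption uses a fresh random IV (as Laravel's encrypter does), so the same session ID yields a different cookie value each time, and a MAC rejects modified values. The function names encryptCookieValue and decryptCookieValue, the key and the session ID are assumptions constructed for illustration.

```php
<?php
// Added illustration (not Laravel's code): AES-256-CBC with a fresh random IV
// plus an HMAC, packed into a base64-encoded JSON envelope.
function encryptCookieValue(string $plain, string $key): string
{
    $iv = random_bytes(16); // new random IV on every call
    $value = openssl_encrypt($plain, 'aes-256-cbc', $key, 0, $iv);
    if ($value === false) {
        throw new RuntimeException('Encryption failed.');
    }
    $iv = base64_encode($iv);
    $mac = hash_hmac('sha256', $iv . $value, $key); // covers IV and ciphertext
    return base64_encode(json_encode(['iv' => $iv, 'value' => $value, 'mac' => $mac]));
}

function decryptCookieValue(string $cookie, string $key): string
{
    $p = json_decode((string) base64_decode($cookie, true), true);
    foreach (['iv', 'value', 'mac'] as $field) {
        if (!is_array($p) || !isset($p[$field]) || !is_string($p[$field])) {
            throw new RuntimeException('Malformed cookie payload.');
        }
    }
    // Check integrity in constant time before decrypting anything.
    if (!hash_equals(hash_hmac('sha256', $p['iv'] . $p['value'], $key), $p['mac'])) {
        throw new RuntimeException('MAC mismatch: cookie value was modified.');
    }
    $plain = openssl_decrypt($p['value'], 'aes-256-cbc', $key, 0, base64_decode($p['iv']));
    if ($plain === false) {
        throw new RuntimeException('Decryption failed.');
    }
    return $plain;
}

$key = random_bytes(32);                    // constructed 256-bit key
$sessionId = 'constructed-session-id-0001'; // constructed sample value
$first = encryptCookieValue($sessionId, $key);
$second = encryptCookieValue($sessionId, $key);
var_dump($first !== $second);                              // compares the two cookie values
var_dump(decryptCookieValue($second, $key) === $sessionId); // compares the decrypted ID

$p = json_decode(base64_decode($first), true);             // change one ciphertext character
$p['value'][0] = $p['value'][0] === 'A' ? 'B' : 'A';
try {
    decryptCookieValue(base64_encode(json_encode($p)), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Encryption keeps the session ID unreadable and tamper-evident in the browser; the server still accepts whichever valid cookie value it receives, so transport protections such as the Secure and HttpOnly cookie flags remain relevant.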
Other supplementary knowledge
Setting the session name in native PHP
The session_name() function:
<?php
/* Set the session name to WebSiteID */
$previous_name = session_name("WebSiteID");
echo "The previous session name was $previous_name<br />";
?>
The session_name() function returns the current session name. If you specify the name parameter, session_name() updates the session name and returns the original session name.
When the request starts, the session name is reset to the value stored in the session.name configuration item. Therefore, to set the session name, you need to call session_name() on every request, before calling session_start() or session_register().
The difference and relationship between a cookie and a session
- A cookie is stored on the client, while a session is stored on the server.
- In terms of security, the session is more secure.
- In terms of the type of content saved, a cookie only stores strings (other values can be converted to strings automatically).
- In terms of the size of the saved content, a cookie is limited and relatively small, while a session basically has no such limit.
- In terms of performance, using sessions puts more pressure on the server.
- Session relies on cookies, but if cookies are disabled, you can also pass a through a URL