Analysis of Cookie and session technology in PHP

Source: Internet
Author: User
Tags setcookie

1. What is a cookie?

Cookies are data (usually encrypted) stored on the user's local terminal by certain websites in order to identify the user and track the session.

A simple way to understand it: you go to a store or supermarket to buy things, and the store issues you a membership card. From then on, your identity and purchase information are recorded on this card, and you carry the card with you. Every time you go shopping, you only need to swipe the card; you do not have to register or record any other information.

Mapped to the web, the supermarket checkout desk is the server side and you are the client. The card you carry is the cookie file stored on the client, which records your account, password and other information.

Note, however, that a cookie only takes effect from the second use onward. When you buy something in the supermarket for the first time, someone gives you a card that you can use for later purchases, but before that first purchase the supermarket has no information about you, so you have no card at all the first time. A website works the same way: the first time you log in, you of course have to enter your account and password, and then a cookie is generated and stored locally for the next use.

A cookie also has its own validity period. Once it expires, the local cookie file is deleted automatically. You then need to log in again, enter your account and password, and generate a new cookie. This is done mainly for security.

2. Cookie mechanism diagram.

3. How to use cookies.

(1) Setting cookies

bool setcookie(string $name, $value, $expire, $path, $domain, $secure, $httponly)

For example:

setcookie("username", "user", 0, "/");
setcookie("username", "user", time() + 60 * 60, "/");

The usage of each parameter is not explained here. The focus is on the time and the path in the two calls above.

The time in the first call is 0. Does that mean the survival time is 0? Obviously not. It has a special meaning: the cookie expires when the browser is closed. Both calls pass "/" as the path. This means that every path under this domain name can access the cookie, in other words every page of the site can track it.

(2) Deleting cookies

setcookie("username", "", time() - 3600, "/");

The difference from setting a cookie is that the cookie has no value and the time is earlier than the current time, so it expires.

(3) Viewing cookies

print_r($_COOKIE);

Everyone is sure to understand this one, so no more of your time is wasted on it.
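
As an added example (not from the original article), the three calls above combined into one script for PHP 7.3+, with the cookie value carrying an HMAC so the server can detect tampering and with the $secure and $httponly parameters from the signature switched on. SECRET, the helper function names and the logout query parameter are assumptions made for illustration.

```php
<?php
// Added example. SECRET is a constructed key; load a real one from server config.
const SECRET = 'constructed-demo-key';

// Shared attributes so the delete call matches the set call.
function cookie_options(int $expires): array
{
    return [
        'expires'  => $expires,
        'path'     => '/',      // visible to every page of the site
        'secure'   => true,     // only sent over HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ];
}

// Build "value|expiry|mac" so the server can detect a modified cookie.
function sign_cookie_value(string $value, int $expires): string
{
    $payload = rawurlencode($value) . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET);
}

// Return the original value, or null if the cookie was altered or has expired.
function verify_cookie_value(string $cookie, int $now): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$value, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $value . '|' . $expires, SECRET);
    if (!hash_equals($expected, $mac) || !ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    return rawurldecode($value);
}

$raw = $_COOKIE['username'] ?? null;
if (isset($_GET['logout'])) {
    // Delete: empty value, expiry in the past, same path and flags.
    setcookie('username', '', cookie_options(time() - 3600));
} elseif (!is_string($raw)) {
    // First visit: issue a cookie valid for one hour.
    $expires = time() + 60 * 60;
    setcookie('username', sign_cookie_value('user', $expires), cookie_options($expires));
} else {
    // Later visits: trust the value only if the MAC verifies.
    $user = verify_cookie_value($raw, time());
    echo $user === null ? 'invalid cookie' : 'hello ' . htmlspecialchars($user);
}
```

Because setcookie() only queues a Set-Cookie header, $_COOKIE is still empty on the request that issues the cookie, which is the "second use" behaviour described earlier.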

----------------------------------------------------------------------------------

-----------------------------I'm a split line-------------------------------------------

----------------------------------------------------------------------------------

1. What is a session?

A session is the time interval during which an end user communicates with an interactive system, usually the time elapsed between registering and logging out of the system.

How a session works (taken from Baidu):

(1) When a session is first enabled, a unique identifier is stored in a local cookie.
(2) First, using the session_start() function, PHP loads the stored session variables from the session repository.
(3) When executing a PHP script, session variables are registered by using the session_register() function.
(4) When the PHP script finishes executing, the session variables that have not been destroyed are automatically saved in the session repository under a local path, which can be specified by session.save_path in the php.ini file, and they can be loaded the next time a page is browsed.

In layman's terms: you go to the supermarket to buy things and get a membership card that records your information, but the card is not kept by you. Instead, the data is stored in the supermarket's system, and once you are registered you can use it directly whenever you need it. Once you leave the supermarket, however, the membership card loses its usefulness until your next purchase. At the same time, the unique identity of this membership card is you yourself, so no one else can use your card. Matched up this way, it is easy to understand.

A big difference between a session and a cookie is that a session can be used directly after it is registered, that is, it is available on the first purchase, whereas a cookie is written to the membership card after the first purchase and only starts to be used from the second time.

2. Session mechanism diagram.

3. How to use sessions.

(1) Setting a session

session_start();

$_SESSION['username'] = "user";

A session must be opened each time before it is used, just as you usually need to open the door first. Setting a session value is not much different from assigning a value to a variable; in fact, $_SESSION itself is a variable.

(2) Deleting a session

This takes a few more steps, unlike a cookie, where a single statement gets it done.

// Open the session
session_start();
// Unset the session variables
session_unset();
// Destroy the session
session_destroy();
// Also destroy the session ID in the local cookie
setcookie(session_name(), "", time() - 3600, "/");

(3) Viewing a session

print_r($_SESSION);

1. Cookie and session pros and cons.

The cookie itself is stored on the client and consumes only a few kilobytes of memory. Each time you log in to the website, you are authenticated with the local cookie, which removes the hassle of repetitive typing. But its security is not very high: after all, it is stored in local files, and although they are all encrypted, once the computer's data is stolen the cookie is likely to be obtained.

The session is stored on the server. Each one uses little memory, but if the user base is large enough, sessions put a heavy load on the server. However, the data is kept on the server, so the risk is much lower. Although it is not foolproof, the risk can be made very small; this analogy ... Some readers may wonder: when a session is used, a session ID is stored locally, so can anyone who obtains it log in? The answer is, of course, no, because the ID is different each time.
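
As an added example (not from the original article), a session lifecycle for PHP 7.3+ covering the delete steps in "(2) Deleting a session" and the session ID question above: PHP reuses the same session ID on every request unless the script calls session_regenerate_id(), so this version issues a new ID at login and removes the cookie with the exact parameters it was set with. The helper function names and the action form field are assumptions; session_register() from the workflow list was removed in PHP 5.4, so $_SESSION is used as in the article's own code.

```php
<?php
// Added example; start_secure_session(), log_in() and log_out() are hypothetical helpers.

function start_secure_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie: gone when the browser closes
        'path'     => '/',
        'secure'   => true,     // only sent over HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_start();
}

function log_in(string $username): void
{
    // New ID at the privilege change; true deletes the old session's data.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

function log_out(): void
{
    $_SESSION = [];                           // clear the variables in memory
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();     // match the cookie that was set
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?: 'Lax',
        ]);
    }
    session_destroy();                        // remove the server-side data
}

start_secure_session();
$action = $_POST['action'] ?? '';
if ($action === 'login') {
    log_in('user');   // constructed value; verify credentials before this call
} elseif ($action === 'logout') {
    log_out();
}
```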
