Analysis of the implementation of the session in PHP and the application of large Web sites should pay attention to the problems _php skills

PHP Session Principle
We know that the session is a way to keep the data on the user's sessions on the server side, and the corresponding cookie is to keep the user data on the client. HTTP protocol is a stateless protocol, the server after the response has lost the contact with the browser, the earliest, Netscape introduced cookies into the browser, so that the data can be exchanged across the page, then the server is how to remember many users of the session data?

The first step is to establish a one by one connection between the client and the server, and each client must have a unique identity so that the server can recognize it. There are two ways to suggest a unique identification: a cookie or a get-way designation. PHP with the default configuration creates a cookie called "PHPSESSID" (which can be specified by php.ini modify the Session.name value), and if the client disables cookies, you can also specify that the session The ID is uploaded to the server (modifying parameters such as Session.use_trans_sid in php.ini).

We look at the server-side Session.save_path directory and find a lot of files like sess_vv9lpgf0nmkurgvkba1vbvj915, which is actually the session ID. Vv9lpgf0nmkurgvkba1vbvj915″ the corresponding data. The truth is here, the client will pass the session ID to the server, the server according to the session ID to find the corresponding file, read the contents of the file when the deserialization of the value of the session, save the first serialization and then write.

This is the case, so if the server does not support session or you want to customize the session, can be DIY, through the PHP uniqid generated never repeat session ID, and then find a place to store the content of the session, You can also learn Flickr to store sessions in the MySQL database.

Why do I have to perform session_start () before using session?
Understand the principle, the so-called session is actually a session ID server side of the session file, the new session before the implementation of Session_Start () is to tell the server to plant a cookie and prepare the session file, otherwise your session content how to save; Read session before executing session_start () is to tell the server, hurriedly according to session The ID deserializes the session file.

Only one session function can be executed before session_start (), Session_name (): Read or specify the session name (for example, the default is "Phpsessid"), which of course is performed before Session_Start.

session affects system performance
sessions do affect system performance on large traffic sites, and one of the reasons for performance is caused by file system design, In the same directory more than 10,000 files, the location of the file will be very time-consuming, PHP support Session Directory hash, we can modify the php.ini Session.save_path = "2;/path/to/session/dir", Then the session will be stored in the level two subdirectory, each directory has 16 subdirectories [0~f], but as if the PHP session does not support the creation of a directory, you need to create a few directories beforehand.

also has a problem is the efficiency of small files, generally our session data is not too large (1~2k), if there are a large number of such 1~2k files on disk, IO efficiency will be very poor, PHP manual recommended to use ReiserFS file system, But the prospect of ReiserFS, ReiserFS the author of the daughter-in-law to kill, SuSE also abandoned ReiserFS. There are many ways to store sessions in

, which can be viewed by php-i|grep "registered save handlers," such as registered save handlers => files user sql Ite Eaccelerator can be saved through files, users, SQLite, Eaccelerator, and if the server is memcached, there are options to MMCache. Of course, there are many, such as MySQL, PostgreSQL and so on. is a good choice.

Session Synchronization
We may have many servers at the front end, users login on a server, the session information, and then visit certain pages of the site can skip to B server up, If there is no session information on the B server at this time and no special treatment is done, there may be a problem.
There are many kinds of session synchronization, if you are stored in memcached or MySQL, it is easy to specify the same location, if the file form, you can use NFS Unified storage.

There is another way to do this is through an encrypted cookie, where the user logs on a server successfully, an encrypted cookie is planted on the user's browser, and when the user accesses the B server, there is no session, if there is no problem, if not, To verify that the cookie is valid and that the cookie is valid, the session is rebuilt on the B server. This method is actually very useful, if the site has a lot of sub channels, the server is not a computer room, the session can not sync and want to do a unified login that would be too useful.

Of course there is a way to maintain the session at the load balancing level, to bind the visitor to a server, all of his access on that server does not need to synchronize sessions, these are operational dimensions of things. Say so much, according to their application to choose to use the session, do not because everyone said session Impact system performance on the timid, know the problem, solve the problem is the key, can not afford to hide from the right here.