Analysis of the session mechanism of PHP

This article mainly introduces the PHP session technical aspects of the article.

1.session.save_handler = Files

1. Session_Start ()

(1) session_start () is the beginning of the session mechanism, it has a certain probability to open garbage collection, because the session is stored in the file, PHP itself garbage collection is invalid, the session of the recovery is to delete files, This probability is based on the php.ini configuration, but some systems are session.gc_probability = 0, which means that the probability is 0, but the cron script is used to implement garbage collection.

session.gc_probability = 1
Session.gc_divisor = 1000
Session.gc_maxlifetime = 1440//expiration default 24 minutes
Probability is session.gc_probability/session.gc_divisor result 1/1000,
It is not recommended to set too small, because the session garbage collection, you need to check whether each file expires.
Session.save_path =//As if different systems default, one setting is "N;/path"
This is random tiered storage, this kind of word, garbage collection will not work, need to write their own script

(2) The session will determine whether there is currently a $_cookie[session_name ()];session_name () that returns the COOKIE key value of the saved session_id.
This value can be found from php.ini

Session.name = PHPSESSID//default value PHPSESSID

(3) If there is no existence will generate a session_id, and then the generated session_id as a cookie value passed to the client, the equivalent of the following cookie operation, note that this step to perform the Setcookie () operation, Cookies are sent in header headers, which cannot have output before, and PHP has another function session_regenerate_id () If this function is used, it cannot have output before.

Setcookie (
Session_name (),
session_id (),
session.cookie_lifetime,//Default 0
session.cookie_path,//default '/' current program and directory are valid
session.cookie_domain,//default is empty
)

(4) If there is so session_id = $_cookie[session_name]; then go to Session.save_path designated folder to find the file named ' Sess_ '. session_id (), read the contents of the file deserialize , and then put it in the $_session.

2. Assigning values to $_session

For example, add a new value $_session[' test ' = ' blah '; Then this $_session will only be maintained in memory, and when the script is finished, write the $_session value to the session_id specified folder, and then close the associated resource. It is possible to perform changes to session_id at this stage, such as destroying an old session_id and generating a new session_ The ID. Half is used in custom session operations, the role of the conversion, such as Drupal.drupal Anonymous user has a sessions, when it is logged in need to change the new session_id

<?php
if (Isset ($_cookie[session_name ())) {
	Setcookie (session_name (), ', Time ()-42000, '/'); old session Cookie Expiration
}
session_regenerate_id ()//This step will generate a new session_id
//session_id () returns a new value     

3. Write Session operation

The session write operation is performed at the end of the script, the $_session value is written to the session_id named file, may already exist, and a new file may need to be created.

4. Destroy session

Session sent cookies are generally an instant cookie, stored in memory, when the browser is closed, will expire, if you need to force expiration, such as the exit login, rather than close the browser, then need to destroy the session in the code, there are many ways:

Setcookie (Session_name (), session_id (), Time ()-8000000, ...); /exit Pre-Logon execution
Usset ($_session)//This will delete all the $_session data, after refreshing, there is a cookie passed, but no data
Session_destroy ()//This role is more thorough, delete $_session Delete session file, and session_id

When the browser is not closed, refresh again, 2 and 3 will have a cookie passed, but no data found

2.session.save_handler = user

User-defined session processing mechanism, more intuitive

Session_set_save_handler (' open ', ' close ', ' read ', ' write ', ' destroy ', ' GC ');

(1) session_start (), execute open ($save _path, $session _name) opens the session operation handle, $save _path in Session.save_handler = In the case of files it is Session.save_path, but if the user is determined, this two parameters are not used, return true directly.

The execution of Read ($id) reads from the data.//This parameter is automatically passed is session_id (), which can be manipulated by this value.

(2) The execution of the script completes, executing write ($id, $sess _data)//two parameters, very simple.

(3) If the user needs to Session_destroy (), first execute destroy, in the implementation of step 2nd, a practical example:

<?php
//session Call
function open ($save _path, $session _name) {
	Global $sess _save_path when initialized;
	$sess _save_path= $save _path;
	return (TRUE);
}

Call
function Close () {return
	(true) when closing;

function Read ($id) {
	global $sess _save_path;
	$sess _file= "$sess _save_path/sess_$id";
	Return (String) @file_get_contents ($sess _file);
Before the execution of the script completes, the Write action
function write ($id, $sess _data) {
	echo "SDFSF";
	Global $sess _save_path;
	$sess _file= "$sess _save_path/sess_$id";
	if ($fp = @fopen ($sess _file, "W")) {
		$return =fwrite ($fp, $sess _data);
		Fclose ($FP);
		return $return;
	} else{return
		(FALSE);
	}

function Destroy ($id) {
	global $sess _save_path;
	$sess _file= "$sess _save_path/sess_$id";
	Return (@unlink ($sess _file));
}

Function GC ($maxlifetime) {
	global $sess _save_path;
	foreach (Glob ("$sess _save_path/sess_*") as $filename) {
		if (Filemtime ($filename) + $maxlifetime < time ()) {
			@unlink ($filename);
		}
	}
	return true;
}