Analysis on cookie and session Technology in PHP

Source: Internet
Author: User

1. What is a cookie?

A cookie is data (usually encrypted) that some websites store on the user's local terminal in order to identify users and track sessions.

In everyday terms: you go to a store or supermarket to buy things, and the store gives you a membership card. Your identity and purchase information are stored on this card, and you carry the card with you. After that, you only need to swipe the card each time you go shopping; you do not need to register or record any other information.

Now map this onto the web. The supermarket checkout is the server, you are the client, and the card you carry is the cookie file on the client, which records your account password and other information.

Note, however, that a cookie only takes effect from the second use onward. The first time you shop at the supermarket, someone issues you a card; on later visits you can swipe it. Before that first purchase the supermarket had no information about you, so you had no card the first time. The same is true for websites: when you log on to a website for the first time, you must enter your account, password and other information before a cookie is generated and stored locally for next time.

A cookie also has its own validity period. Once the period expires, the cookie becomes invalid and the local cookie file is deleted automatically. You then need to log on again with your account and password, which generates a new cookie. This is mainly a security consideration.

2. cookie Mechanism diagram.

3. How to use cookies.

(1) set cookie

bool setcookie ( string $name, $value, $expire, $path, $domain, $secure, $httponly )

For example:

setcookie("username","user",0,"/");
setcookie("username","user",time()+60*60,"/");

The individual parameters are not described here. Instead, we focus on the time and path arguments in the two calls above.

In the first example the time is 0. Taken literally, that would mean a survival time of 0, which is obviously impossible. The value 0 has a special meaning: the cookie's validity period ends when the browser is closed. Both calls use the path "/". This means that all paths under the domain name can access the cookie, that is, every page on the website can see the cookie.

(2) Delete a cookie

setcookie("username","",time()-3600,"/");
This is the same as setting a cookie, except that the value is empty and the time is earlier than the current time, so the cookie has already expired.

(3) view cookies

print_r($_COOKIE);
Everyone knows this one, so I won't waste your eyes on it.
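
The set, read and delete steps above with the $secure and $httponly arguments actually used, as an added example that is not part of the original article. It assumes PHP 7.3+ (options-array form of setcookie()) and an HTTPS site; COOKIE_KEY, the function names and the "logout" form field are hypothetical, and the cookie carries a signed identifier instead of the account password.

```php
<?php
// Added example, not the article's code. Requires PHP 7.3+ (options array).
// COOKIE_KEY and all function names are hypothetical; load the key from
// server-side configuration in real code.
const COOKIE_KEY = 'constructed-demo-key-change-me';

// Attributes shared by set and delete; the path must match for deletion to work.
function cookie_options(int $expires): array
{
    return [
        'expires'  => $expires, // 0 = until the browser closes
        'path'     => '/',      // every page on the site
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // hidden from JavaScript
        'samesite' => 'Lax',    // withheld from most cross-site requests
    ];
}

// Append an HMAC so the server can detect a value edited on the client.
function sign_value(string $value): string
{
    return base64_encode($value) . '.' . hash_hmac('sha256', $value, COOKIE_KEY);
}

// Return the original value, or null if the cookie is malformed or tampered with.
function verify_value(string $cookie): ?string
{
    $parts = explode('.', $cookie, 2);
    $value = count($parts) === 2 ? base64_decode($parts[0], true) : false;
    if ($value === false) {
        return null;
    }
    $expected = hash_hmac('sha256', $value, COOKIE_KEY);
    return hash_equals($expected, $parts[1]) ? $value : null;
}

if (isset($_POST['logout'])) {
    // Delete: empty value, expiry in the past, same path and flags.
    setcookie('username', '', cookie_options(time() - 3600));
} elseif (!isset($_COOKIE['username'])) {
    // First visit: store a signed identifier, never the password.
    setcookie('username', sign_value('user'), cookie_options(time() + 60 * 60));
} else {
    // Later visits: trust the value only if the signature checks out.
    $user = verify_value($_COOKIE['username']);
    echo $user === null ? 'invalid cookie' : 'hello ' . htmlspecialchars($user);
}
```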

----------------------------------------------------------------------------------

----------------------------- I am a split line -------------------------------------------

----------------------------------------------------------------------------------

1. What is a session?

A session is the time interval during which an end user interacts with a system. It usually means the time from registering with and entering the system until logging off and exiting it.

Session principle (from Baidu):

(1) When a session is enabled for the first time, a unique identifier is stored in a local cookie.
(2) The session_start() function is called first; PHP loads the stored session variables from the session repository.
(3) While the PHP script executes, session variables are registered with the session_register() function.
(4) When the PHP script finishes, session variables that have not been destroyed are automatically saved to the session repository under a local path, which is specified by session.save_path in the INI file. They can be loaded and used the next time you browse the page.

In everyday terms: you go to the supermarket to buy things, and the membership card you sign up for records your information. This time, however, the card is not kept by you; it is stored as data in the supermarket's system. Once registered, you can use it directly whenever you need it. But once you leave the supermarket, the membership card becomes useless until your next purchase. The unique identifier of this membership card is you yourself, so no one else can use your card. Thinking of it as checking the number directly makes this easy to understand.

One major difference between a session and a cookie is that a session can be used directly after registration, that is, right after the first purchase, whereas a cookie stores the information on the membership card after the first purchase and only comes into use from the second time.

2. Diagram of the session mechanism.

3. session usage.

(1) set the session

session_start();

$_SESSION['username']="user";

You need to enable the session every time before using it, much as you need to open the door before walking in. Setting a session value works just like assigning a value to a variable, because $_SESSION itself is a variable.

(2) Delete A session

This takes a little more than the single statement needed for a cookie.

// Enable session
session_start();
// cancel session
session_unset();
// destroy session
session_destroy();
// destroy sessionid
setcookie(session_name(), "", time()-3600, "/");

(3) view sessions

print_r($_SESSION);
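
The session lifecycle above (start, set, delete) with the session cookie locked down and the ID rotated at login, as an added example that is not part of the original article. It assumes PHP 7.3+ and HTTPS; the three function names are hypothetical. It writes to $_SESSION directly, as the article's own code does, because session_register() was removed in PHP 5.4.

```php
<?php
// Added example, not the article's code. Function names are hypothetical.

function start_secure_session(): void
{
    // Must run before session_start(): attributes of the cookie holding the ID.
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, gone when the browser closes
        'path'     => '/',
        'secure'   => true,   // ID never sent over plain HTTP
        'httponly' => true,   // ID not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    // Refuse session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_start();
}

// Call only after the submitted credentials have been checked.
function log_in(string $username): void
{
    // Issue a fresh ID at the privilege change and delete the old session data,
    // so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

function log_out(): void
{
    $_SESSION = [];                        // clear the data in this request
    if (ini_get('session.use_cookies')) {  // expire the ID cookie on the client
        $p = session_get_cookie_params();  // reuse the path/domain it was set with
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();                     // remove the server-side data
}

start_secure_session();
if (!isset($_SESSION['username'])) {
    log_in('user'); // constructed value, stands in for a verified account name
}
```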

1. cookie and session advantages and disadvantages.

Cookies are stored on the client and occupy only a few KB of memory. Each time you visit the website, the local cookie is taken for verification, saving you the hassle of repeated input. But the security is not very high: after all, cookies are stored in local files. Although all the files are encrypted, once the computer's data is stolen, the cookies are likely to be obtained as well.

Sessions are stored on the server, each occupying a small portion of memory. However, if the user base is large enough, the server will be overloaded. On the other hand, the data is stored on the server, which reduces risk. No wall is completely windproof, but the wind can be made very small, this metaphor... Some may wonder whether the sessionid exists locally when the session is used. The answer is no, because the IDs are different each time.
