Cookie Usage Analysis of PHP session operations and php session cookie usage

Cookie Usage Analysis of PHP session operations and php session cookie usage

This document analyzes the usage of PHP cookies. We will share this with you for your reference. The details are as follows:

Session technology: cookie

Technology that allows server scripts to store data in a browser,
Allows the server to send commands to the browser to manage cookie data stored in the browser.
If the browser stores the cookie data stored by a server, the cookie data will be included in the request.

// Add or modify setcookie (key, val); // Delete setcookie (key, ''); // obtain cookie data carried by the browser $ _ COOKIE [key]

Features:

Validity Period:

The default value is a temporary cookie, which is also called a session cookie. When the session ends (the browser is closed), it is cleared. The life cycle can be determined by setting the timestamp (starting from the first second of January 1, 1970). The browser end time is based on Greenwich Mean Time (GMT ).

Setcookie (key, val, time () + 60); // the browser checks whether the setcookie (key, val, 0) is invalid for 1 minute ); // default session setcookie (key, '', time ()-1); // Delete cookiesetcookie (key, val, PHP_INT_MAX); // logically indicates permanent validity

Valid path:

It is valid in the current path and its descendant path by default. (The path is not the local disk path of the file where the code is located, but the path relationship of the url request)
Cookies with the same name in different paths can be stored in the browser at the same time. The browser first searches for valid cookies in the current directory and then searches up. All valid cookies will be carried to the server, when a $ _ COOKIE is formed on the server, the rewrite effect is displayed,
You can set the fourth parameter of setcookie () to '/' to indicate that the site root directory is valid, that is, the entire site is valid. The valid path is determined by the browser. When the valid path is set, the server notifies the browser

setcookie(key,val,0,'/');

Valid domain:

The default cookie is only valid in the current domain.

You can extend the cookie's valid domain to all subdomains under a level-1 domain name.

Me.com // The first-level domain name lig.me.com // The second-level domain name bee.me.com // The second-level domain name setcookie (key, val, 0, '', 'Me. com ');

Secure Transmission?

By default, effective cookies are carried to the server regardless of the http and https protocols sent by the browser.

You can set the sixth parameter to true to enable secure transmission only. In this case, if the browser sends requests over http, these cookies will not be sent, apache must load the openssl module to use the https protocol.

setcookie(key,val,0,'','',true);

HTTPonly

Scripts stored in the default browser can be called and processed by other scripts.
By setting 7th parameters, you can only use cookies in http requests.

setcookie(key,val,0,'','',false,true);

Note:

The cookie value can only be string type.
The cookie key can be written as an array subject.
No output before setcookie () (output_buffering)