Deep analysis of whether the session must rely on cookie_php skills

The session in PHP can be saved by default by using the client's cookie (to distinguish it from the common cookie, which I call the session cookie and the cookie in the ordinary sense) to save the session ID. But does the session in PHP only use the session cookie?

Of course not, or why still get a session out, as a direct use of cookies. One of the great advantages of the session is that when the client's cookie is disabled, it automatically attached to the URL, which is then passed ID can remember the session variable.

Here I write two files to verify that you first set the Disable cookie in the browser.

Copy Code code as follows:

?
File name is test1.php
Session_Start ();
Session_register ("url");
$url = "test2.php";
echo "<a href= $url >goto test2.php</a>";
? ><span style= "Font-family:arial, Helvetica, Sans-serif" > </SPAN>

Copy Code code as follows:

<?//file name is test2.php
Session_Start ();
if (session_is_registered ("url")) {
echo "Congratulations."
$url = "test1.php";
echo "<a href= $url >goto test1.php</a>";
} else
echo "failed."
?>

Now enter "http://localhost/test1.php" in the browser and move the mouse over the link to see the address on the status bar, not simply "http://localhost/test2.php", but this form: "http:// localhost/test2.php?phpsessid=6e3610749f7ded3784bc4a4dd10f879b ".

You can also view the HTML source file, which is the form of the source file:
<a href= "test2.php?phpsessid=6e3610749f7ded3784bc4a4dd10f879b" >goto test2.php</a>
So this is completely PHP credit, and browser-independent, which means that no matter what browser you use the session is effective, rather than some people think that only for IE useful.

However, our hyperlink is that the statement is output by the Echo statement, if the hyperlink is not included in the PHP tag. What happens inside?>? or write an example to verify that the test1.php slightly modified:

Copy Code code as follows:

<?php
Session_Start ();
Session_register ("url");
$url = "test2.php";
echo "<a href= $url >goto test2.php</a>"; >
<a href= "test2.php" > (HTML form) goto test2.php</a>

In the browser type "http://localhost/test1.php", the mouse moved to the two links to see if there is no difference? As you can see, two links are exactly the same, followed automatically by a session Id. So don't worry that the links that aren't included in the PHP tags will fail, and PHP won't be so stupid.

However, be aware that you must first use the Session_Start () function to tell PHP to start using the session, even if you have only HTML code in the file, such as:
? Session_Start ();? >
<body>
<a href=test2.php>gogogo</a>
............

I remember someone said that this advantage can only be played under the Linux/unix, and I use the win2000p+apache1.3.17+php4.0.4pl1,php as the Apache module, but still can. On the contrary, I'm not going to go to Linux to test it. is actually at compile time an option--ENABLE-TRANS-SID control whether this function is useful. and PHP defaults to compile when this feature is not turned on, Just add it when you recompile. My configuration is apache1.3.17+php4.0.4pl1,php as Apache module, after the Linux recompile with Netscape navigator4.7 test can pass (this is more proof of browser-independent ).

Only session can not be used across windows, even if you enable cookies, when you have a valid session ID in a window (recorded in the session cookie, not the URL), and then open a new window into the same page, You'll have a new session ID, and it will not affect the previous window.

To use the same session ID across Windows, you can only specify the session ID after the URL, that is, if you copy the URL of the window with the session ID, paste it in the newly opened window, or use it anyway. Knowing the session The principle of ID to achieve a cross window session is not difficult, you can combine cookies with the session, first get the current legal session ID, and then record it in a cookie, Read the cookie in another window to get the current session ID.