Detailed explanation of how PHP session is stored

Confirm that the session is automatically open or need to be opened manually by Session_Start ():

; Specifies whether the session module starts a session automatically when the request starts. Default is 0 (not started)

; Initialize session on request startup.

; Http://php.net/session.auto-start

Session.auto_start = 0

At the client, the session can be stored either in a cookie or through a URL parameter. Server-dependent configuration:

; Specifies whether to store the session ID with a cookie on the client. Default is 1 (enabled)

; Whether to use cookies.

; Http://php.net/session.use-cookies

Session.use_cookies = 1

; Specifies whether the session ID is stored only by using cookies on the client. Enabling this setting prevents the attack from passing the session ID through the URL.

; This option forces the PHP to fetch and use a cookies for storing and maintaining

; The session ID. We encourage this operation as it's very helpful in combatting

; Session hijacking the specifying and managing your own session ID. It is

; Not the "end" all is all of the sessions hijacking defense, but it ' s a good start.

; Http://php.net/session.use-only-cookies

Session.use_only_cookies = 1

If you are sure that you are storing it in a cookie, you can go to a point where configuration sessions are stored in cookies, such as Cookie_name,cookie_lifetime,cookie_path,cookie_domain,cookie_secure, Cookie_httponly

; Name of the session (used as cookie name).

; Http://php.net/session.name

Session.name = Phpsessid

; Lifetime in seconds of cookies or, if 0, until browser is restarted.

; Http://php.net/session.cookie-lifetime

Session.cookie_lifetime = 0

; The path for which the cookies is valid.

; Http://php.net/session.cookie-path

Session.cookie_path =/

; The domain for which the cookies is valid.

; Http://php.net/session.cookie-domain

Session.cookie_domain =

; Whether or not to add the HTTPONLY flag to the cookie which makes it inaccessible to browser scripting languages as Javascript.

; Http://php.net/session.cookie-httponly

Session.cookie_httponly =

On the server side, you can also store sessions in a variety of ways. The default session is stored in a file, at which point Session.save_path is the path to create a stored file.

; Handler used to store/retrieve data.

; Http://php.net/session.save-handler

Session.save_handler = Files

; Argument passed to Save_handler. In the case of files, this is the path

; Where data files are stored. Note:windows users have to change this

; Variable in order to use PHP

' s session functions.

;

; The path can be defined as:

;

; Session.save_path = "N;/path"

;

; Where N is an integer. Instead of storing all the sessions files in

; /path, what this would do are use subdirectories n-levels deep, and

; Store the session data in those directories. This is useful if you

; Or your OS have problems with lots of files in one directory, and is

; A more efficient layout for servers that handle lots of sessions.

;

; Note 1:php won't create this directory structure automatically.

; You can use the script in the Ext/session dir for that purpose.

; Note 2:see the garbage collection below if you choose to

; Use subdirectories to session storage

;

; The file storage module creates files using mode by default.

; You can change this by using

;

; Session.save_path = "N; Mode;/path "

;

; Where mode is the octal representation of the mode. This is the note

; Does not overwrite the process ' s umask.

; Http://php.net/session.save-path

; Session.save_path = "/tmp"

PHP supports custom open, close, read, write, destroy, GC processing functions via Session_set_save_handler for session processors, common session processors include using memory allocations such as MM, Memcache, etc.), you can also use a database for storage. Thus, if session storage is required to work in conjunction with a file system, such as the database PostgreSQL session Save handler or the default file store files, it is possible that a user-customized session processor will lose sessions that do not store data. If you use memory allocation storage, you need to consider session persistence storage issues.

Next, focus on Memcache (d?) Session processor.

The Memcache module provides a convenient process-oriented and object-oriented interface for memcached, memcached a resident process caching product that results from loading data from a database for dynamic Web applications.

The Memcache module also provides a session processor (Memcache).

For more information on memcached, see»http://www.memcached.org/.

Memcached is a high-performance distributed memory object caching system, which is often used to reduce database loading pressure to improve the response speed of dynamic Web applications.

This extension uses the APIs provided by the Libmemcached library to interact with the memcached server. It also provides a session processor (memcached). It also provides a session processor (memcached).

More information about libmemcached can be viewed in»http://libmemcached.org/libmemcached.html.

Memcache Session Processor configuration:

Session.save_handler = Memcache

Session.save_path = "tcp://127.0.0.1:11211?persistent=0&weight=1&timeout=1&retry_interval=15,tcp:// 127.0.0.1:11212?persistent=0&weight=1&timeout=1&retry_interval=15,tcp://127.0.0.1:11213?persistent =0&weight=1&timeout=1&retry_interval=15,tcp://127.0.0.1:11214?persistent=0&weight=1& Timeout=1&retry_interval=15 "

The database processor can be implemented using the session pgsql (this extension is considered to be no longer maintained). You can also use other databases to implement session storage, but you need to customize the processor function function.session-set-save-handler.php. The specific custom processor can be seen at the Maria at junkies Dot JP.