Working Principle and usage of sessions

I have been using session to store data. I have never summarized the usage and working principles of the session. I will sort it out here today. The introduction here is mainly based on the php language

I have been using session to store data. I have never summarized the usage and working principles of the session. I will sort it out here today.

The introduction here is mainly based on the php language. operations in other languages may be different, but the basic principle remains unchanged.

1. how to operate the session in php:

Session_start (); // use this function to enable the session function.

$ _ Session // use predefined global variables to operate data

Use unset ($ _ session ['key']) // destroy the value of a session

In simple operations, everything is implemented by the server; because the processing is in the background, everything looks safe. But what kind of mechanism does the session adopt and how does it maintain the session state?

2. session implementation and working principle

The browser and server use http stateless communication. to maintain the client status, use session to achieve this goal. But how does the server mark different clients or users?

Here we can use an example in our daily life. if you have met many people at a party, how will you differentiate different people! You may use a unique identifier based on your face, user name, or ID card. In the session mechanism, such a unique session_id is used to mark different users. The difference is that the server generates the session_id for each browser request.

A brief introduction of the process: when the client accesses the server, the server sets the session as needed, stores the session information on the server, and transmits the session_id of the session to the client browser, the browser saves the session_id in the memory (there are other storage methods, such as writing it in a url), which is called a cookie with no expiration time. After the browser is closed, the cookie is cleared, and no temporary cookie file exists.

In the future, the browser will add this parameter value for each request, and the server will be able to obtain the client data status based on this session_id.

If the browser of the client closes unexpectedly, the session data stored on the server is not immediately released, and the data will still exist. as long as we know the session_id, we can continue to obtain the session information through the request; however, at this time, the background session still exists, but the session is saved with an expiration time. if no client request is received after the specified time, the session will be cleared.

The following describes the session storage mechanism. The Default session is saved in files, that is, session data is saved as a file. In php, session. save_handler is configured based on php. ini to save the session.

Here, by the way, if we want to use server lvs, that is, multiple servers, we generally use the memcached session method. otherwise, some requests will not be able to find the session.

A simple memcache configuration:

Session. save_handler = memcache

Session. save_path = "tcp: // 10.28.41.84: 10001"

Of course, if files must be cached, we can make the file nfs and locate all the stored session files in one place. The session-id returned to the user is stored in the memory. here we can also set the parameter to save it in the user url.

3. instance problems

Existing systems a and B. assume that system a is a web system that can run independently and can directly process sessions with the browser. System B is mobile-based and needs to call the functional interfaces of System, if a does not change, that is, login verification and session storage remain unchanged, B can process the requests of the front-end users. The solution provided here is to use php to return the session-id of the saved session to System B after the user logs in successfully. then, System B sends session_id to other interfaces each time.

System A adds session_id (session_id) before session_start );
In this way, System B can safely call.

The session function also has

Session_cache_expire-return current cache expire

Session_cache_limiter-get and/or set the current cache limiter

Session_commit-alias of session_write_close

Session_decode-decodes session data from a string

Session_destroy-destroys all data registered to a session

Session_encode-encodes the current session data as a string

Session_get_cookie_params-get the session cookie parameters

Session_id-get and/or set the current session id

Session_is_registered-find out whether a global variable is registered in a session

Session_module_name-get and/or set the current session module

Session_name-get and/or set the current session name

Session_regenerate_id-update the current session id with a newly generated one

Session_register-register one or more global variables with the current session

Session_save_path-get and/or set the current session save path

Session_set_cookie_params-set the session cookie parameters

Session_set_save_handler-sets user-level session storage functions

Session_start-initialize session data

Session_unregister-unregister a global variable from the current session

Session_unset-free all session variables

Session_write_close-write session data and end session