Cookies are disabled, does session still work?

Source: Internet
Author: User
Tags session id sessions
Cookies and sessions are generally regarded as two separate things: a session is a scheme for maintaining state on the server side, while a cookie is a scheme for maintaining state on the client side. So why can the session not be obtained once cookies are disabled? Because the server uses the session ID to determine which session belongs to the current conversation, and the session ID is passed in a cookie. Disabling cookies is therefore equivalent to losing the session ID, and with it the session.

Does disabling cookies necessarily mean the session cannot be used?

1. ASP

In ASP, the session depends on cookies to work. The session is stored on the server and cookies are stored on the client, so the session is comparatively more secure and reliable than a cookie.

2. PHP

In PHP, with the relevant configuration, the session does not need cookies in order to exist. This is because:

The session is stored on the server (by default in files). Using the session ID supplied by the client, the server finds that user's session file and reads the variable values from it. The session ID can be sent to the server either in the client's cookie or in the HTTP/1.1 query string (the part of the requested URL after the "?"), and the server then reads the session directory .... In other words, the session ID is the identity card used to fetch the session variables stored on the server. When the code session_start() runs, a session file is created on the server together with a unique session ID that corresponds to it, and the session variables you define are stored in a certain form in the file just created. With the session ID, you can retrieve the defined variables. After moving to another page, you must call session_start() again in order to use the session. This again creates a session file with its own session ID, and that ID cannot retrieve the variables in the first session file mentioned earlier, because it is not the key that opens that file. If the code session_id($session_id) is called before session_start(), no new session file is generated and the session file corresponding to that ID is read directly.

By default, a PHP session uses the client's cookie to store the session ID, so the session is affected when the client's cookies have a problem. Note, however, that the session does not have to rely on cookies, which is where it is smarter than cookies. When the client's cookies are disabled or broken, PHP automatically appends the session ID to the URL, so that the session variables can be used across pages through the session ID. This automatic appending has a condition, though: "session.use_trans_sid = 1" must be set in php.ini, or the "--enable-trans-sid" option must be enabled at compile time.

Anyone who has used a forum knows that, on entering it, you are often prompted to check whether cookies are enabled. This is because most forums are cookie-based: they use cookies to store the user name, password and other user information for convenience. Many people think cookies are unsafe (they are not, really) and often disable them. In fact, in a PHP program we can use the session in place of cookies, and it need not depend on whether the client has cookies enabled.

So we can set cookies aside and use the session. That is, to keep using the session when the user has turned cookies off, there are the following methods:

1. Set "session.use_trans_sid = 1" in the php.ini configuration file, or enable the "--enable-trans-sid" option at compile time, so that PHP passes the session ID across pages automatically.
2. Pass the session ID manually, through the URL or a hidden form field.
3. Save the session ID in a file, a database, etc., and retrieve it manually when moving across pages.

An example of method 1:
--------------------------------------------------------------------------------------------------------------- ----
<?php
// s1.php
session_start();
// Store a value in the session.
$_SESSION['var1'] = "People's Republic of China";
// Link to the next page; with use_trans_sid enabled, PHP appends the session ID to this link.
$url = "<a href=\"s2.php\">Next page</a>";
echo $url;
?>
--------------------------------------------------------------------------------------------------------------- ----

--------------------------------------------------------------------------------------------------------------- ----
<?php
// s2.php
session_start();
// Read back the value stored by s1.php.
echo "The value of session variable var1 passed across pages is: " . $_SESSION['var1'];
?>
--------------------------------------------------------------------------------------------------------------- ----

Run the code above. If the client's cookies are working normally, you should get the result "People's Republic of China".

Now disable cookies in the client manually and run it again; you may no longer get the result. If you do not, set "session.use_trans_sid = 1" in the php.ini file, or enable the "--enable-trans-sid" option at compile time, and you will get the result "People's Republic of China" again.

An example of method 2:
--------------------------------------------------------------------------------------------------------------- ----
<?php
// s1.php
session_start();
// Store a value in the session.
$_SESSION['var1'] = "People's Republic of China";
// Read the current session ID and pass it to the next page in the URL.
$sn = session_id();
$url = "<a href=\"s2.php?s=" . $sn . "\">Next page</a>";
echo $url;
?>
--------------------------------------------------------------------------------------------------------------- ----

--------------------------------------------------------------------------------------------------------------- ----
<?php
// s2.php
// Use the session ID received in the URL, then open that session.
session_id($_GET['s']);
session_start();
echo "The value of session variable var1 passed across pages is: " . $_SESSION['var1'];
?>
--------------------------------------------------------------------------------------------------------------- ----
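Because s2.php in method 2 adopts whatever ID appears in the URL, the receiving page should check that ID before trusting it. The following is an added example, not code from the original article: a receiving page that validates the ID's shape, resumes only a session that s1.php created, and rotates the ID before linking onward. The file names s2_hardened.php and s3.php and the issued_by_server marker are assumptions.

```php
<?php
// s2_hardened.php: added example (hypothetical file name), not from the article.
// Takes the session ID from ?s= as in method 2, but resumes only a session
// that s1.php created, and rotates the ID before handing out the next link.

ini_set('session.use_strict_mode', '1'); // IDs unknown to the server are replaced
ini_set('session.use_cookies', '0');     // demo assumes cookies are unavailable

// Shape check only. The 22-256 length range is an assumption meant to cover
// PHP's configurable ID lengths; malformed values are simply ignored.
function wellformed_sid($sid): bool
{
    return is_string($sid) && preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $sid) === 1;
}

// Replace the ID and delete the old session data so the previous URL stops working.
function rotate_sid(): string
{
    session_regenerate_id(true);
    return session_id();
}

$sid = $_GET['s'] ?? null;
if (wellformed_sid($sid)) {
    session_id($sid);
}
session_start();

// Assumption: s1.php sets $_SESSION['issued_by_server'] = true when it creates
// the session. A session without the marker is discarded, not trusted.
if (empty($_SESSION['issued_by_server'])) {
    session_unset();
    session_destroy();
    http_response_code(400);
    exit('No valid session. Please start again from s1.php.');
}

$next = 's3.php?s=' . urlencode(rotate_sid()); // s3.php is a placeholder page
echo 'The session variable var1 passed across pages is: ',
     htmlspecialchars((string) ($_SESSION['var1'] ?? ''), ENT_QUOTES, 'UTF-8'), '<br>';
echo '<a href="', htmlspecialchars($next, ENT_QUOTES, 'UTF-8'), '">Next page</a>';
```

In a real application, call rotate_sid() at login or another privilege change rather than on every page view. The marker check and the rotation apply equally when the ID arrives through session.use_trans_sid.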

An example of method 3:
--------------------------------------------------------------------------------------------------------------- ----
Login.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<body>
Please login:
<form name="Login" method="POST" action="mylogin1.php">
User name: <input type="text" name="name"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Login">
</form>
