PHP's Cookie, session, and laravel-related information

These two days through the search and understanding of the cookie and session, online about their two basic knowledge points are similar, also collected a few good blog, at the same time do some experiments, have the following several points to understand:

1, Setcookie There are three places to be aware of:

(1) Expire refers to the period of validity of the cookie, previously mixed with the attributes of the cookie MaxAge, thought that the same write a positive number can be, in fact, its time is from the most original time Thu, 01-jan-1970 00:00:01 GMT began to count, so the beginning to write a very small The number can not get to the cookie, in fact, the validity period does not work, the original time plus a small positive number will certainly not exceed the current time, preferably written as follows: Times() + positive .

(2) domain refers to a field that indicates that the cookie set is available under a domain. If set to ". Google.com", all domain names ending with "google.com" can access the cookie. Note the first character must be ".". If you do not write, the default is the domain name of your site.

(3) path refers to a route, and if set to "/sessionweb/", only programs with ContextPath "/sessionweb" can access the cookie. If set to "/", the cookie can be accessed by ContextPath under this domain name. Note that the last character must be "/". If you do not write, the default is "/".

2, set a cookie to refresh or reopen the page to see the cookie, because the first time is set, sent to the client, the client can not carry, the second time will be carried.

3, when using the session, in fact, it first through session_start () constructs the PHPSESSID session ID, and as a cookie to the client, then the client will carry this PHPSESSID cookie,session ID The default is under the domain, so the same browser access to the domain's different page session ID will be the same.

4, for the same connection, if the session is not cleared or expired or closed page,session_start () will only generate one time ID.

5, can be in the php.ini file on the session of the relevant properties to modify, such as session storage mode, storage path, expiration time and so on.

6, Setcookie (Session_name (), ", Time ()-3600, '/'); Delete the locally associated

Cookiesession_unset (); Empty the in-memory cookie or $_session = Array ();

Session_destroy (); Delete the server-side session file

7, you can set the session ID by session_id ().

8, the session can be stored in memory, file or database, in the I/O, performance, storage size, etc. have advantages and disadvantages, only for storage in the data, if not in advance to determine the session format, the database storage is difficult to expand, for multidimensional data comparison trouble, although can be saved very well.

9, for Laravel, according to the online understanding, its session mechanism does not use PHP mechanism, but itself to rebuild a set of its own mechanism, and it each request will be sent laravel_session cookie, so as to avoid being hijacked, to ensure security. and projects under the same domain, if two items are the same, will cause the session conflict to be unable to request further, will be set by their own filtering or security mechanism to deny.

10,Session_set_save_handler("Sess_open", "Sess_close", "Sess_read", "Sess_write", "Sess_destroy", "sess_gc "); Design the session_start () mechanism that you need.

11, thecookie and session settings do not have any output , because they are sent in the form of a request header, HTTP provisions to send the request header can not have content output, otherwise it will error.

PHP's Cookie, session, and laravel-related information