1. what is Session?
2. the Session starts when the user accesses the page and ends when the user is disconnected from the website to form a Session lifecycle. During a session, assign a unique SessionID to identify the current user and distinguish it from other users.
3. during a Session, SessionID is saved on both the client and the server, and is saved using a temporary Cookie (the Cookie name is PHPSESSID) on the client or transmitted through a URL string, the server side is also saved as a text file in the specified Session directory.
4. the Session accepts each access request by ID to identify the current user, track and maintain the user's specific information, and Session variables (during the Session activity, you can store numbers or texts in the Session ), for example, session_name. the variable information is stored on the server.
5. SessionID can be saved to the database as Session information for Session persistence. This allows you to track the login times, online or not, and online time of each user.
Session. name = PHPSESSID; name of the session used in the cookie
• Session. save_handler = files; control method for saving/retrieving data
• Session. save_path =/tmp; the parameter passed to the controller when save_handler is set to a file, which is the path to save the data file.
• Session. use_cookies = 1; whether to use cookies
How to operate sessions in php:
Session_start (); // use this function to enable the session function.
$ _ SESSION // use predefined global variables to operate data
Use unset ($ _ SESSION ['key']) // destroy the value of a session
In simple operations, everything is implemented by the server; because the processing is in the background, everything looks safe. But what kind of mechanism does the session adopt and how does it maintain the session state?
Here, by the way, if we want to use server lvs, that is, multiple servers, we generally use the memcached session method. otherwise, some requests will not be able to find the session.
A simple memcache configuration:
| The code is as follows: | |
| Session. save_handler = memcache Session. save_path = "tcp: // 10.28.41.84: 10001" |
|
Of course, if files must be cached, we can make the file nfs and locate all the stored session files in one place.
The session-id returned to the user is stored in the memory. here we can also set the parameter to save it in the user url.
Why do I have to execute session_start () before using session ()?
After learning about the principle, the so-called session is actually a session id on the client side and a session file on the server side. executing session_start () before creating a session tells the server to implant a cookie and prepare the session file, otherwise, how to store your session content? before reading the session, executing session_start () tells the server to deserialize the session file according to the session id.
Only one session function can be executed before session_start (). session_name (): reads or specifies the session name (for example, the default value is "PHPSESSID"). This must be executed before session_start.
Session affects system performance
Session does affect system performance on websites with high traffic. one of the reasons that affect performance is caused by the file system design. when there are more than 10000 files under the same directory, file locating takes a lot of time, PHP supports session directory hash. we can modify php. session in ini. save_path = "2;/path/to/session/dir", the session will be stored in two subdirectories, each of which has 16 subdirectories [0 ~ F], but it seems that PHP session does not support creating directories. you need to create these directories in advance.
Another problem is the efficiency of small files. Generally, our session data is not too large (1 ~ 2 K), if there are a large number of such 1 ~ 2 K files are stored on disks, and I/O efficiency will be poor. we recommend that you use the Reiserfs file system in the PHP Manual. However, the prospect of Reiserfs is worrying. The author of Reiserfs killed his daughter-in-law, suSE also abandoned Reiserfs.
In fact, there are many ways to store sessions, which can be viewed through php-I | grep "Registered save handlers, for example, Registered save handlers => files user sqlite eaccelerator can be stored through files, users, sqlite, and eaccelerator. if memcached is installed on the server, mmcache is available. Of course there are many more such as MySQL and PostgreSQL. They are all good choices.
Session synchronization
We may have many front-end servers. users have logged on to server A and planted session information. then, some pages on the website may jump to server B, if there is no session information on server B and no special processing is performed at this time, a problem may occur.
There are many kinds of session synchronization. if you store them in memcached or MySQL, it is easy to specify the same location. if it is in the file format, you can use NFS for unified storage.
Another way is to use encrypted cookies. after A user successfully logs on to server A, an encrypted cookie is added to the browser. when A user accesses server B, check whether there is a session. If yes, check whether the cookie is valid. If yes, re-create the session on server B. This method is actually very useful. if the website has many sub-channels and the server is not in the same data center, the session cannot be synchronized and you want to perform unified logon.
Instance problems
Existing systems A and B. assume that system A is A web system that can run independently and can directly process sessions with the browser. System B is mobile-based and needs to call the functional interfaces of System,
If A does not change, that is, login verification and session storage remain unchanged, B can process the requests of the front-end users.
The solution provided here is implemented using PHP
After the user logs in successfully, the session-id of the saved session is returned to system B. Then, every time System B requests other interfaces, it carries session_id.
System A adds session_id (session_id) before session_start );
In this way, System B can safely call.
...
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
