How to Set a strictly 30-minute expiration Session example

Source: Internet
Author: User
Tags add time set cookie

SESSION and COOKIE are required by each interviewer, so I hope that you can deeply learn and understand this part to gain a better job opportunity.

Go to laruence blog (this is a good place to learn PHP, click http://www.laruence.com for details /)

During the interview, I often asked a question: "How do I set a 30-minute overdue Session ?", Don't think it looks simple. There is a lot of knowledge here, which is especially suitable for you to check whether basic skills are solid. Who will give it a try? Haha
Why? 1. I saw someone discussing this issue on Twitter. 2. I often ask this question, so ~~
Here, I will answer this question.
First answer
The most common answer is: Set the Session expiration time, that is, session. gc_maxlifetime. This answer is incorrect for the following reasons:
1. first, PHP runs the session gc with a certain probability, that is, the session. gc_probability and session. gc_divisor (For details, refer to a small probability Notice of Session Gc for a deep understanding of PHP Principles). The default values are 1 and 100, which means there is a 1% chance, PHP will run Session gc when a Session is started. it cannot be guaranteed that it will expire in 30 minutes.
2. What about setting a high probability of cleaning? Why? Because PHP uses the modification time of the stat Session file to determine whether the file has expired. If this probability is increased, the performance will be reduced, PHP uses a "one" file to store Session variables related to a Session. Suppose I set a Session variable a = 1 five minutes ago, five minutes later, another Seesion variable B = 2 is set. The modification time of this Session file is the time when B is added, so a cannot be at 30 minutes, cleared. the third reason is as follows.
3. The default PHP (Linux as an example) is to use/tmp as the default Session storage directory, which is also described in the Manual as follows:
Note: If different scripts have different session. gc_maxlifetime values but share session data stored in the same place, the script with the minimum value clears the data. In this case, use this command with session. save_path.
That is to say, if two applications do not specify their own independent save_path, one is set to 2 minutes (assumed as A), and the other is set to 30 minutes (assumed as B ), when Session gc of A is run, Session files of application B will be deleted at the same time.
Therefore, the first answer is not "completely strict.
Second answer
Another common answer is: Set the carrier of the Session ID, and the Cookie expiration time, that is, session. cookie_lifetime. This answer is also incorrect, for the following reasons:
This expiration only indicates that the Cookie expires. In other words, the difference between the Cookie and the Session is that the Session expires on the server and the Cookie expires on the client (browser, even if you set Cookie expiration, this can only ensure that the Cookie (including Session ID) will not be sent when the standard browser expires. If you construct a request, you can also use the value of this Session ID.
Third answer
The use of memcache, redis, and okey is a correct answer. However, it is clear that the question will be followed up to ask you, what if you just use PHP?
Fourth answer
Of course, the interview is not for you, but for the sake of observing the closeness of thinking. In this process, I will prompt these traps, so in general, the practice that fits the meaning of the question is:
1. Set the Cookie expiration time to 30 minutes, and set the Session life time to 30 minutes.
2. Add Time stamp for each Session value.
3. Determine the timestamp before each access.
Finally, some people asked why we should set a 30-minute expiration time: first, this is for the interview. Second, in actual use cases, such as a discount that expires in 30 minutes?

SESSION and COOKIE are required by each interviewer, so I hope that you can deeply learn and understand this part to gain a better job opportunity.

Go to laruence blog (this is a good place to learn PHP, click http://www.laruence.com for details /)

During the interview, I often asked a question: "How do I set a 30-minute overdue Session ?", Don't think it looks simple. There is a lot of knowledge here, which is especially suitable for you to check whether basic skills are solid. Who will give it a try? Haha
Why? 1. I saw someone discussing this issue on Twitter. 2. I often ask this question, so ~~
Here, I will answer this question.
First answer
The most common answer is: Set the Session expiration time, that is, session. gc_maxlifetime. This answer is incorrect for the following reasons:
1. first, PHP runs the session gc with a certain probability, that is, the session. gc_probability and session. gc_divisor (For details, refer to a small probability Notice of Session Gc for a deep understanding of PHP Principles). The default values are 1 and 100, which means there is a 1% chance, PHP will run Session gc when a Session is started. it cannot be guaranteed that it will expire in 30 minutes.
2. What about setting a high probability of cleaning? Why? Because PHP uses the modification time of the stat Session file to determine whether the file has expired. If this probability is increased, the performance will be reduced, PHP uses a "one" file to store Session variables related to a Session. Suppose I set a Session variable a = 1 five minutes ago, five minutes later, another Seesion variable B = 2 is set. The modification time of this Session file is the time when B is added, so a cannot be at 30 minutes, cleared. the third reason is as follows.
3. The default PHP (Linux as an example) is to use/tmp as the default Session storage directory, which is also described in the Manual as follows:
Note: If different scripts have different session. gc_maxlifetime values but share session data stored in the same place, the script with the minimum value clears the data. In this case, use this command with session. save_path.
That is to say, if two applications do not specify their own independent save_path, one is set to 2 minutes (assumed as A), and the other is set to 30 minutes (assumed as B ), when Session gc of A is run, Session files of application B will be deleted at the same time.
Therefore, the first answer is not "completely strict.
Second answer
Another common answer is: Set the carrier of the Session ID, and the Cookie expiration time, that is, session. cookie_lifetime. This answer is also incorrect, for the following reasons:
This expiration only indicates that the Cookie expires. In other words, the difference between the Cookie and the Session is that the Session expires on the server and the Cookie expires on the client (browser, even if you set Cookie expiration, this can only ensure that the Cookie (including Session ID) will not be sent when the standard browser expires. If you construct a request, you can also use the value of this Session ID.
Third answer
The use of memcache, redis, and okey is a correct answer. However, it is clear that the question will be followed up to ask you, what if you just use PHP?
Fourth answer
Of course, the interview is not for you, but for the sake of observing the closeness of thinking. In this process, I will prompt these traps, so in general, the practice that fits the meaning of the question is:
1. Set the Cookie expiration time to 30 minutes, and set the Session life time to 30 minutes.
2. Add Time stamp for each Session value.
3. Determine the timestamp before each access.
Finally, some people asked why we should set a 30-minute expiration time: first, this is for the interview. Second, in actual use cases, such as a discount that expires in 30 minutes?

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.