How to set a session example with a strict 30-minute expiration

Source: Internet
Author: User
Tags learn php session id redis sessions

Session and Cookie is every interviewer must ask the knowledge point, so hope that students can learn to understand this part to get better job opportunities





the following content to the Laruence blog (this is a good place to learn PHP, details click http://www.laruence.com/)





in my interview, I often ask a question: "How to set a 30-minute session expired?", we do not think that seemingly simple, here bread contains a lot of knowledge, especially suitable for the examination of basic skills is solid, who will answer to try? Oh

Why do
ask this question? 1. I saw someone talking about this on Twitter, and 2 thought I often asked this question, so ~ ~


here, I'll answer the question.


First kind of answer


the most common answer, then, is to set the expiration time of the session, that is, session.gc_maxlifetime, the answer is incorrect, for the following reasons:


1. First of all, this PHP is a probability to run the session of the GC, namely Session.gc_probability and Session.gc_divisor (see the in-depth understanding of the PHP principle of the session GC a small probability notice , this default value is 1 and 100, which means that there is a 1% chance that PHP will run the session GC at the start of a sessions. There is no guarantee that it will expire in 30 minutes.


2. What about setting a big chance to clean up? It's still wrong. Because PHP uses the stat session file modification time to judge whether the expiration, if increases this probability to be able to reduce the performance, second, PHP uses "one" the file to save and a conversation correlation time variable, assumes that I had set up 5 minutes ago A a=1 the time variable, After 5 minutes to set up a b=2 seesion variable, then the session file modified time to add a time of B, then a can not be cleaned up in 30 minutes. There are also the following third reasons.


3. PHP default (for example, Linux) is to use/TMP as the default storage directory for the session, and the manual also has the following description:


Note: If different scripts have different session.gc_maxlifetime values but share the same place to store session data, the script with the smallest number will clean up the data. In this case, use this directive with Session.save_path.


that is, if two applications do not specify their own independent Save_path, one setting expires at 2 minutes (assuming a) and one setting of 30 minutes (assuming B), then each time a session GC runs, The session files that belong to application B are also deleted.


So, the first answer is not "completely strict" right.


the second answer


also has a common answer: Set the carrier of the session ID, the expiration time of the cookie, that is, session.cookie_lifetime. This answer is also incorrect, for the following reasons:


This expiration is only a cookie expired, in other words, the difference between the cookie and session, the session expires is the server expired, and cookies expire is the client (browser) to ensure that even if you set the cookie expiration, This will only ensure that when the standard browser expires, the cookie (which contains the session ID) is not sent, and the value of this session ID can be used if the request is constructed.


Third Answer


use Memcache, Redis and so on, Okey, this answer is a correct answer. However, it is obvious that the creator will continue to ask you, if you just use PHP?


Fourth Answer


of course, the interview is not for you, but for the scrutiny of thinking. In the process I will be prompted with these traps, so generally speaking, the practice is:


1. Set the cookie expiration time by 30 minutes and set the session lifetime to 30 minutes.


2. Self adds time stamp for each session value.


3. Judge the timestamp before each visit.


Finally, some students asked why to set the 30-minute expiration time: This, first of all, this is for the interview, and second, the actual use of the scene, such as 30 minutes on the expiration of the coupons?





session and cookies are every interviewer must ask the knowledge point, so hope that students can learn to understand this part to get better job opportunities





the following content to the Laruence blog (this is a good place to learn PHP, details click http://www.laruence.com/)





in my interview, I often ask a question: "How to set a 30-minute session expired?", we do not think that seemingly simple, here bread contains a lot of knowledge, especially suitable for the examination of basic skills is solid, who will answer to try? Oh

Why do
ask this question? 1. I saw someone talking about this on Twitter, and 2 thought I often asked this question, so ~ ~


here, I'll answer the question.


First kind of answer


the most common answer, then, is to set the expiration time of the session, that is, session.gc_maxlifetime, the answer is incorrect, for the following reasons:


1. First of all, this PHP is a probability to run the session of the GC, namely Session.gc_probability and Session.gc_divisor (see the in-depth understanding of the PHP principle of the session GC a small probability notice , this default value is 1 and 100, which means that there is a 1% chance that PHP will run the session GC at the start of a sessions. There is no guarantee that it will expire in 30 minutes.


2. What about setting a big chance to clean up? It's still wrong. Because PHP uses the stat session file modification time to judge whether the expiration, if increases this probability to be able to reduce the performance, second, PHP uses "one" the file to save and a conversation correlation time variable, assumes that I had set up 5 minutes ago A a=1 the time variable, After 5 minutes to set up a b=2 seesion variable, then the session file modified time to add a time of B, then a can not be cleaned up in 30 minutes. There are also the following third reasons.


3. PHP default (Linux for example) is to use/TMP as the default storage directory for the session, and the manual also has the following description:


Note: If different scripts have different session.gc_maxlifetime values but share the same place to store session data, the script with the smallest number will clean up the data. In this case, use this directive with Session.save_path.


that is, if two applications do not specify their own independent Save_path, one setting expires at 2 minutes (assuming a) and one setting of 30 minutes (assuming B), then each time a session GC runs, The session files that belong to application B are also deleted.


So, the first answer is not "completely strict" right.


the second answer


also has a common answer: Set the carrier of the session ID, the expiration time of the cookie, that is, session.cookie_lifetime. This answer is also incorrect, for the following reasons:


This expiration is only a cookie expired, in other words, the difference between the cookie and session, the session expires is the server expired, and cookies expire is the client (browser) to ensure that even if you set the cookie expiration, This will only ensure that when the standard browser expires, the cookie (which contains the session ID) is not sent, and the value of this session ID can be used if the request is constructed.


Third Answer


use Memcache, Redis and so on, Okey, this answer is a correct answer. However, it is obvious that the creator will continue to ask you, if you just use PHP?


Fourth Answer


of course, the interview is not for you, but for the scrutiny of thinking. In the process I will be prompted with these traps, so generally speaking, the practice is:


1. Set the cookie expiration time of 30 minutes and set the session's lifetime to 30 minutes.


2. Self adds time stamp for each session value.


3. Judge the timestamp before each visit.


Finally, some students asked why to set the 30-minute expiration time: This, first of all, this is for the interview, and second, the actual use of the scene, such as 30 minutes on the expiration of the coupons?

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.