In-depth understanding of PHP Session mechanism

: This article mainly introduces the PHP Session mechanism. if you are interested in the PHP Tutorial, refer to it. Today, when reading this article about how laruence sets up a strictly 30-minute overdue Session
I was interested in the php session mechanism and found some information on the Internet to study it.

The php session management system supports many configuration options, which can be set in your php. ini file.
In php. in ini's session configuration, session. save_handler defines the name of the processor used to store and obtain the data associated with the session. the default value is files. Note that some extensions can register their own save_handlers; the registered handler can be obtained from phpinfo () for each installation basis. See session_set_save_handler ().
In PHP configuration, there are two ways to process sessions: one is the default files and the other is user-defined.
I. session. save_handler = files
1. session_start ()
1.1 session_start () is the beginning of the session mechanism. it has a certain probability to enable garbage collection because the session is stored in the file and PHP's garbage collection is invalid for the SESSION, the SESSION is recycled to delete files. this probability is based on php. ini configuration (session. save_path.
Some systems use session. gc_probability = 0, which means the probability is 0, but garbage collection is implemented through the cron script.

Session. gc_probability = 1 session. gc_pisor = 100 session. gc_maxlifetime = 1440 // The default expiration time is 24 minutes // The probability is session. gc_probability/session. gc_pisor result 1/100, // It is not recommended to set too small because session garbage collection requires checking whether each file has expired. Session. save_path = // It seems that different systems have different default values. one of the settings is "N;/path" // This is random hierarchical storage. in this case, garbage collection will not work, you need to write the script yourself.

1.2 session checks whether $ _ COOKIE [session_name ()]; session_name () returns the COOKIE key value for saving session_id. this value can be found in php. ini.

Session. name = PHPSESSID // Default value: PHPSESSID

1.3 if it does not exist, a session_id will be generated, and the generated session_id will be passed to the client as the COOKIE value. The following COOKIE operation is performed. Note that the setcookie () operation is performed in this step. the COOKIE is sent in the header, which cannot be output before, PHP has another function session_regenerate_id (). If this function is used, no output is available.

Setcookie (session_name (), session_id (), session. cookie_lifetime, // The default value is 0 session. cookie_path, // Default '/'. the current program and directory have valid sessions. cookie_domain, // null by default)

1.4 if session_id =$ _ COOKIE [session_name];
Go to the folder specified by session. save_path and find the file named 'sess _ '. session_id.
Read the file content deserialization and put it in the $ _ SESSION global variable.
2. assign a value to $ _ SESSION
For example, if a new value $ _ SESSION ['test'] = 'test' is added, the $ _ SESSION is only maintained in the content. when the script execution ends, write the $ _ SESSION value to the folder specified by session_id, and then close related resources. in this phase, you may change the session_id.
For example, destroy an old session_id and generate a new session_id. half is used for custom session operations and role conversion, such as Drupal. anonymous users of Drupal have a SESSION. after logon, they need to replace the new session_id.

If (isset ($ _ COOKIE [session_name ()]) {setcookie (session_name (), '', time ()-42000 ,'/'); // old session cookie expired} session_regenerate_id (); // This step generates a new session_id // session_id () returns a new value

3. write SESSION
At the end of the script, the SESSION write operation will be executed to write the $ _ SESSION value to the session_id named file, which may already exist and may need to be created.
4. destroy the SESSION
The COOKIE sent by the SESSION is generally an instant COOKIE, which is stored in the memory and will expire only when the browser is closed. if the user needs to forcibly expire, such as logging out, rather than closing the browser, the SESSION needs to be destroyed in the code. There are many methods.
4.1 setcookie (session_name (), session_id (), time ()-8000000,...); // run the command before logging out.
4.2 usset ($ _ SESSION); // This will delete all $ _ SESSION data. after refreshing, a COOKIE is sent, but no data exists.
4.3 session_destroy (); // This function is more thorough. delete $ _ SESSION to delete the session file and session_id.
When the browser is not closed, refresh the page again. cookies are sent from both 2 and 3, but no data is found.

II. session. save_handler = user
In the php Manual, session_set_save_handler is used to set user-defined session storage functions. to use a method other than the built-in session storage mechanism of PHP, you can use this function. For example, you can customize the session storage function to store session data to the database.
For details, see The PHP manual http://php.net/manual/zh/function.session-set-save-handler.php