Introduction to PHP Session control

Source: Internet
Author: User
I. Description of session

1. A session (cookies are another solution) records the user's information so that, when the user makes further requests to the web server in that identity, the server can confirm who they are. Sessions let a user's information be kept while switching between multiple pages. Website programmers know from experience that the variables on one page cannot be used on the next page (forms and URLs can also carry them, but that is a very unsatisfactory approach), whereas variables registered in the session can be used like global variables.

2. PHP implements sessions through the session ID. The session ID is unique for each login, and it can be saved on the user's machine or transmitted over the network in the URL. The session ID works like a key: it lets us register certain variables, which we call session variables. The contents of these variables are stored on the server side, and the session ID is the only information visible to the client. If the client presents the session ID through a cookie or the URL, the session variables saved on the server for that session can be accessed.
II. The working principle of the session

    Client                                          Server
      | ---- 1. request ---------------------------> |
      |                                              | 2. session_start();
      | <--- 3. response (session_id) -------------- |
      | ---- 4. request (session_id) --------------> |
      |                                              | 5. session_start();
      | <--- 6. response (session_id) -------------- |
      | ---- 7. request (session_id + logout) -----> |
      |                                              | 8. session_destroy();
      | <--- 9. response (delete cookie file) ------ |

1. The client opens the web page and makes a request to the server. Because no corresponding cookie file exists on the client yet, the request carries no session_id.
2. After receiving the client request, the server begins session processing by executing the session_start() function. It first checks whether the request carries a session_id and, if not, issues a new session_id; if it does, the file for that session_id is read and its information is loaded into $_SESSION. Session files are stored with names beginning with sess_.
3. The server sends the response (with the session_id) back to the client; after receiving it, the client saves the information in a cookie.
4. On its next request the client sends the session_id to the server in the Cookie header. The operations of steps 1-3 are then repeated.
7. The client issues a logout request.
8. After accepting the request, the server deletes the session file by executing the session_destroy() function.
9. The server sends the client a command to delete the cookie file saved on the client:

    setcookie(session_name(), '', time() - 60, '/');

III. Session processing

Session start

• Function that starts session processing: session_start();
• Processing after the session starts:
    1. If no session variables are saved on the server, first reserve storage space for the session variables.
    2. If the client sent a session ID, restore the saved session variables into $_SESSION.
    3. The garbage collection function is started according to its start probability.

Points to note:
    1. If php.ini contains "session.auto_start = 1", session_start() does not need to be executed; the session starts automatically.
    2. The session_start() command has two purposes. If there is no session relationship yet between the client and the server, the server issues a new session_id; if there is, it reads the information from the session file.

• After a script finishes, the following output work is done:
    1. Write the data in the session variables to the reserved storage space.
    2. Send a cookie containing the session ID to the client (this information is in the HTTP response header). If cookies are disabled on the client, set session.use_trans_sid to "1" and the session ID is transmitted through the URL or a hidden field.
    3. The session information is saved and closed. With the initial settings the session file is named sess_<sessionid>.

IV. Manual session deletion
• session_unset();
    Multiple release. Releases all variables registered in the session file.
• unset($_SESSION['login variable name']);
    Single release. Releases the specified variable registered in $_SESSION.
• $_SESSION = array();
    Multiple release. Releases all variables registered in $_SESSION.
• session_destroy();
    Deletes the session file on the server.

Notes:
    1. unset($_SESSION) destroys the global variable $_SESSION, and there is no viable way to restore it. The user can then no longer register $_SESSION variables, so this must never be used.
    2. session_unset() and $_SESSION = array() do the same thing: a multiple release of the variables registered in the session file. Versions of PHP before 4.06, however, use the session functions session_register(), session_unregister(), session_is_registered() and session_unset(), with which a global variable can be registered as a session variable, so session_unset() is recommended there to maintain compatibility. For PHP 4.06 and later, $_SESSION = array() is recommended.

V. Session garbage collection settings

session.gc_maxlifetime = 1440 (initial value)
Session information files are deleted automatically 1440 seconds after the last access.

session.gc_probability = 1 (initial value)
session.gc_divisor = 100 (initial value)

These settings control when garbage collection runs over the session information files after a session starts. Its start probability is session.gc_probability / session.gc_divisor; that is, session information files are not treated as garbage by the system 100% of the time. If the browser is closed directly, the session information file is in many cases left on the server. If the probability is changed to 100%, garbage collection always starts, but this adds load to the server and defeats the purpose of the GC itself.

VI. Other session-related settings

session.cookie_path and session.cookie_domain

session.cookie_path means that the browser sends the cookie to the server only when it opens a page under the specified path. For example, with session.cookie_path = "/app/portal", opening /app/portal/list.php sends the cookie information to the server, and opening /mro/index.php does not. This is similar to the cookie setting in IE that controls which web sites cookies are blocked for. session.cookie_domain is the same with the path replaced by a domain; otherwise it works like session.cookie_path.

session.cookie_lifetime

session.cookie_lifetime = 0 (initial value)

The validity period here is that of the cookie saved on the client. The initial value 0 means the cookie saved on the client is purged when the browser is closed.

session.use_cookies

session.use_cookies = 1 (initial value)

session.use_cookies sets whether the client uses a cookie to save the session ID. When it is "1", the session cookie is in use, and the current session ID can be queried as follows:

    <?php echo "now session id = " . $_COOKIE["PHPSESSID"]; ?>

Of course, if the client's browser does not support cookies, the query above only returns null even when the setting is "1".

※ It is called a session cookie here to distinguish it from setcookie; apart from the two being stored in different places on the client, what other differences there are is not quite clear.

session.use_trans_sid and session.use_only_cookies

session.use_only_cookies = off (initial value)

When it is off, the session ID is allowed to be passed through the URL. For browsers that do not support cookies but need session management, this value must be off even though it may expose the site to attack; otherwise session state cannot be carried from page to page.

※ For the security of browsers that do not support cookies and are managed with sessions, I only know these, and I hope others can offer other solutions.

If the customer's browser supports cookies, "session.use_only_cookies = on" is strongly recommended. When session.use_only_cookies is on, a session ID passed through the URL is treated as invalid, which reduces the likelihood of being attacked through the session ID.

session.use_trans_sid = 0 (initial value)

For browsers that do not support cookies, on pages that use session management, the session ID must be put in the URL when moving from page to page:

    <form action="nextpage.php?<?=SID?>">

but writing this on every page is tiring. If session.use_trans_sid is set to "1", writing <form action="nextpage.php"> is enough and the session ID is added to the URL automatically.

※ The URL here must be a relative path. For session.use_trans_sid to take effect, session.use_only_cookies must be off; otherwise it cannot be used.

VII. Procedures

1. Establish the session

    <?php
    // Start (or resume) the session
    session_start();
    // Register session variables
    $_SESSION["AA"] = "111111111";
    $_SESSION["BB"] = "22222222222";
    $_SESSION["CC"] = array('1', 2, 4);
    // Show the session ID issued for this client
    echo session_id() . "<br>";
    ?>
2. Delete the session

    <?php
    // Open the session
    session_start();
    // Empty the session values
    $_SESSION = array();
    // Delete the client's session ID held in the cookie
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 3600, '/');
    }
    // Destroy the session
    session_destroy();
    ?>

3. Get the session values on other pages

    <?php
    session_start();
    print_r($_SESSION);
    // Gets the session ID, which is a 32-character string
    echo session_id() . "<br>";
    // Get the session ID held in the cookie; the cookie's name is the
    // value returned by session_name(). The cookie is absent on the first
    // request, and its value comes from the client, so escape it.
    echo htmlspecialchars($_COOKIE[session_name()] ?? '');
    ?>
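The settings from section VI and the delete procedure above, combined into one session lifecycle as an added example (not code from the original article). It goes beyond the settings the article lists by also enabling use_strict_mode and the cookie flags and by calling session_regenerate_id() at login; the function names are hypothetical, and it assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example, not part of the original article. Function names are
// hypothetical; /app/portal is the path used in the cookie_path discussion.

function start_secure_session(): void
{
    session_start([
        'use_only_cookies' => 1,   // ignore session IDs supplied in the URL
        'use_trans_sid'    => 0,   // never rewrite links to carry the ID
        'use_strict_mode'  => 1,   // reject IDs the server did not issue
        'cookie_path'      => '/app/portal',
        'cookie_httponly'  => 1,   // hide the cookie from page scripts
        'cookie_secure'    => 1,   // assumption: the site is served over HTTPS
        'cookie_samesite'  => 'Lax',
        'cookie_lifetime'  => 0,   // cookie is dropped when the browser closes
    ]);
}

function on_login(string $user): void
{
    // Issue a fresh ID at login and delete the old sess_ file, so an ID
    // that was known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

function on_logout(): void
{
    // Release all session variables.
    $_SESSION = [];

    // Expire the cookie with the same attributes it was issued with. With
    // cookie_path = /app/portal, a deletion cookie for '/' would not match
    // and the browser would keep sending the old session ID.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);

    // Remove the sess_<id> file on the server.
    session_destroy();
}
```

Call start_secure_session() before any output on every page, since the session cookie is sent in the HTTP response header.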
