PHP Cookies and session

The cookie has been given for 2 hours, this two hours does not concern you have no action, by the time he will expire, and the session is as long as you have action or refresh the page he will not expire, right? Yes, I tested the cookie.

Reply content:

The cookie has been given for 2 hours, this two hours does not concern you have no action, by the time he will expire, and the session is as long as you have action or refresh the page he will not expire, right? Yes, I tested the cookie.

First you have to understand the relationship between the session and the cookie.
Because the HTTP protocol is stateless, there is no connection between the 2 HTTP requests.
But many times the business need to know that 2 HTTP requests are to share information, this is the origin of the session.
Because the HTTP protocol is stateless, there is a session flag in the 2 HTTP requests that require information sharing, and through this session flag, the information of the last request can be obtained at the next request. The session flag is usually stored in a cookie (you can, of course, put the flag in the URL parameter or in the request header).
Therefore, the session expires, depending on whether a request has a session flag, and the session flag of the corresponding session information is still maintained on the server.

Answer based on questions

The cookie has been given for 2 hours, this two hours does not concern you have no action, by the time he will expire

You're right, if you don't change the expiration time of the seesion flag stored in the cookie

And the session is as long as you have the action or refresh the page he will not expire, right?

This updated server stores session information at the time

在服务端session过期时间 = 上次更新session信息的时间 + 设置的过期时间

After calling the Session_Start method, the server returns a SessionID to the client, and the client (typically the browser) takes this sessionid each time the server is requested, and the server is based on the Sessiond to find the corresponding reply to save the record.
So "session is as long as you have action or refresh the page he will not expire"
It's not all right, although it looks like it. However, if the client clears the SessionID (for example, closes the browser), or the server clears the corresponding session reply record (no request is received within the set expiration time), the session will expire

The so-called session is also the server that generates an ID and then stores it as a cookie on the user's local, server-side cookie as a unique value stored in the database.

The session will handle the issue of the expiration time itself, such as automatically re-setting the cookie once the request is made (the expiration time is delayed a lot)

