PHP Logout Features
The PHP manual writes Session_destroy () destroys all of the data associated with the current session. It does unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start () have to be called.
In order to kill the session altogether, like to log the user out, the session ID must also is unset. If a cookie is used to propagate the session ID (default behavior) and then the session cookie must be deleted. Setcookie () May is used for.
Baidu knows write
The session is a conversation that is established at the time of Session_Start ().
$_session is a global array, and there is no difference between the other global arrays. Just when PHP creates a session, it creates a global array to hold the contents of the session, which is called $_session, and it's nothing different than the other arrays we're going to create ourselves.
When Session_Start () executes, the session is opened, first, if the session is not created, a session file (default, customizable) is created in the system's TMP directory, and the global array is created in the execution script of the current session $_session,h $_ Session is an empty array. If the session exists, it reads the contents from the session file and establishes the $_session array.
Session_destroy (), clearly stated in the manual: destroys all of the data associated and the current session. It does unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start () have to be called.
The session's global variables and session-related cookies will not be deleted, but this conversation is ended. As an ordinary global variable, if we don't need to be happy, we'll unset him () off. If you want to open the session again, you need to session_start () again, but Session_Start () re-establish the session, the $_session array will be reinitialized, and $_session will be an empty array after session_start ().
? The result is
PHP Session Principle
We know that session is a way to keep user session data on the server side, and the corresponding cookie is to keep the user data on the client. HTTP protocol is a stateless protocol, the server after the response has lost the connection with the browser, the earliest, Netscape the cookie into the browser, so that the data can be client cross-page exchange, then the server is how to remember the many users of the session data?
The first step is to establish a one by one connection between the client and the server, and each client must have a unique identity so that the server can recognize it. There are two ways to suggest a unique identity: a cookie or a get specified. The default configuration of PHP when using the session will create a "PHPSESSID" cookie (can be specified by php.ini modify the Session.name value), if the client disables cookies, you can also specify by the get way to the session ID to the server (modify parameters such as Session.use_trans_sid in php.ini).
We look at the server-side Session.save_path directory will find a lot of files like sess_vv9lpgf0nmkurgvkba1vbvj915, this is actually the session ID " Vv9lpgf0nmkurgvkba1vbvj915″ the corresponding data. The truth is here, the client passes the session ID to the server, the server finds the corresponding file according to the session ID, and when it is read, the contents of the file are deserialized to get the value of the session, and the time to save is serialized and then written.
This is the case, so if the server does not support the session or you want to customize the session, can be completely DIY, through the PHP uniqid generate the session ID never repeat, and then find a place to store the contents of the session, You can also learn Flickr to store the session in the MySQL database.
Why do I have to execute session_start () before using the session?
After understanding the principle, the so-called session is actually a session ID server side of a session file, the new session before the execution of Session_Start () is to tell the server to plant a cookie and prepare the session file, otherwise your session content how to save; Read session before executing session_start () is to tell the server, hurriedly according to the session ID to deserialize the session file.
Only one session function can be executed before session_start (), Session_name (): reads or specifies the session name (for example, "Phpsessid"), which is, of course, executed before the session_start.
Session affects system performance
Session on the large traffic site does affect the performance of the system, one of the reasons for performance is caused by the file system design, in the same directory more than 10,000 files, the location of the file will be very time-consuming, PHP support Session Directory hash, We can modify php.ini in Session.save_path = "2;/path/to/session/dir", then the session will be stored in the level two subdirectory, each directory has 16 subdirectories [0~f], but as if PHP The session does not support creating a directory, you need to create the directory in advance.
Another problem is the efficiency of small files, generally our session data will not be too large (1~2k), if there are a large number of such 1~2k files on disk, IO efficiency will certainly be poor, PHP manual recommended the use of ReiserFS file system, but the prospect of ReiserFS is worrying , ReiserFS's author killed her daughter-in-law, and SuSE abandoned ReiserFS.
In fact, there are many ways to store the session, can be viewed through Php-i|grep "registered save handlers", such as registered save handlers = Files User SQLite Eacce Lerator can be saved through files, users, SQLite, Eaccelerator, and if the server is loaded with memcached, there will be mmcache options. Of course, there are many, such as MySQL, PostgreSQL and so on. is a good choice.
Synchronization of Session
Our front-end may have many servers, the user logged on a server, planted the session information, and then visit some pages of the site might jump to B server up, if this time the B server does not have session information and did not do special treatment, it may be a problem.
There are many kinds of session synchronization, if you are stored in memcached or MySQL, it is very easy to specify to the same location, if it is in the form of files, you can use NFS Unified storage.
There is also a way to achieve through the encryption of cookies, the user on a server login success, the user's browser to type an encrypted cookie, when the user visited the B server, check whether the session, if there is no problem, if not, to verify that the cookie is valid, If the cookie is valid, the session is rebuilt on the B server. This method is actually very useful, if the site has a lot of sub-channels, the server is not a room, the session can not be synchronized and want to do a unified login that is too useful.
Of course, there is a way to keep the session on the Load Balancer layer, to bind the visitor to a server, all of his accesses on that server do not need to synchronize the session, these are operational dimensions of things. Say so much, according to their own application to choose to use the session, do not because everyone said that the session affects the system performance is timid, know the problem, solve the problem is the key, can not afford to avoid the right here.
How to delete session and related cookies