[PHP] PHP session mechanism, configuration and advanced application

Session principle of session 1. PHP: 1. Enable session_start (). The server generates a session file and stores relevant information in the file. The file is prefixed with sess _ and connected to session_ I.

Snapshot 1. PHP session principle: 1. enable session_start (). The server generates a session file and stores relevant information in this file. The file is prefixed with "sess _" and connected to session_ I.

Bytes ---------------------------------------------------------------------------------------------------------

I. PHP session principle:

1. enable session_start (). The server generates a session file and stores relevant information in this file. The file is prefixed with "sess _" and connected to session_id () value (the content is the plain text of the user generated by a specific algorithm, and the large project must be encrypted), and The sessionid is kept in the cookie of the client browser.

2. enable session_start () for the second time, and the browser checks whether there is a sessionid in the cookie. If yes, the browser does not create any files, but directly uses this sessionid to access the server and finds the corresponding session file through sessionid, read the content of the session and store it in the $ _ SESSION array.

Note: No output is available before session_start (). This function sends a session_id to the client and stores it in the cookie.

Ii. PHP Mechanism Using session:

1. Enable session

Session_start ();

2. Access session

$ _ SESSION ['uname'] = 'chenwei ';

3. Destroy the session

Unset ($ _ SESSION ['uname']); // deletes the variables stored in the session array in the memory. $ _ SESSION = array () indicates all session variables.

SetCookie (session_name (), '', time ()-1, '/'); // Delete the sessionid in the client cookie. The default value of session_name () is PHPSESSID.

Session_destory (); // destroy the session file on the server

Iii. PHP session configuration options

The most direct way to view the session configuration is phpinfo (). Then, you can configure the session options in the/usr/local/php/etc/php. ini file as needed. In fact, the session options are generally set by default.

You can consider the following configuration options:

Session. cookie_lifetime = 0; // set the cookie retention time (in seconds), which is equivalent to the session expiration time. 0 indicates that the browser is restarted.

Session. save_handler = files; // The method for saving and retrieving data. The default value is file. The storage mechanism is involved and is not extended here.

Of course, you can also use system functions without modifying the configuration file to achieve the same effect:

SetCookie (session_name (), session_id (), time () + 1440, '/'); // set the cookie validity period to 1440 seconds (24 '), closing the browser session is lost. The maximum time for a session to be stored on the server is 24 '. After the session is reconnected, it will not expire. (That is, keep the logon function)

Iv. PHP session automatic recovery mechanism (startup probability = session. gc_probability/session. gc_pisor)

Session. gc_probability = 1 // startup Probability

Session. gc_pisor = 1000 // divisor, factor

Session. gc_maxlifetime = 1440 // sets the maximum expiration time of the session. The default value is 1440''

As long as the client has an operation, the session expiration time will remain unchanged. When the expiration time is exceeded, the recycle mechanism will start and delete the server session.

　　

5. Pass the session id based on the URL (the cookie is disabled on the client)

1. parameter passing through url:

"> DEMO

Server processing:

$ Sid =! Empty ($ _ GET [session_name ()])? $ _ GET [session_name ()]: '';

Session_id ($ sid); // set to enable a session with an existing sid before session_start ()

Session_start ();

2. How can I automatically determine whether the cookie is enabled and use the corresponding transmission method? (Use the built-in SID constant for automatic judgment)

"> DEMO

$ Sid =! Empty ($ _ GET [session_name ()])? $ _ GET [session_name ()]: '';

If ($ sid! = ''){

Session_id ($ sid );

}

3. Enable the URL to automatically add the session id?

Enable_trans_uid configuration options, and run the session option. when use_trans_sid is activated, when cookie is disabled on the client, the relative URL is automatically changed to include sessionid. If you do not configure or use Windows server, you can use the constant SID.

Link: http://www.cnblogs.com/farwish/p/3909087.html

@ Blackeye poet