Php Session control cookie and Session processing

Source: Internet
Author: User
Tags session id php session sessions set cookie setcookie

Session introduction: HTTP (Hypertext Transfer Protocol) defines the transmission of text, graphics, videos, and all
All other data rules. HTTP is a stateless protocol, indicating that each request is processed with the previous or subsequent
The request is independent. Although this simplification has made outstanding contributions to the popularization of HTTP
For Web application developers, this is a bit of a problem. To solve this problem
A small amount of information (cookies) is stored on the machine ).
Due to cookie size restrictions, quantity, and other reasons, developers propose another solution: session
1. Cookie
Set cookie: the setcookie () function can generate a cookie file on the client, which can be saved
Time, name, value, and so on.
Create cookie

The code is as follows: Copy code
<? Php
Setcookie ('name', 'Lil', time () + (7*24*60*60); // set a cookie with an expiration time of 7 days.

Parameter 1: cookie name
Parameter 2: cookie value
Parameter 3: cookie expiration time

View cookie

Open Firefox: Tools-page information-security-View cookie to view the current cookie information
Read cookie

The code is as follows: Copy code
<? Php
Echo $ _ COOKIE ['name'];

Delete cookie

The code is as follows: Copy code
<? Php
Setcookie ('name ',");
Setcookie ('name', 'Lil', time ()-1 );

Cookie usage restrictions
1. It must be set before HTML file content output;
2. Different browsers may encounter inconsistent processing of cookies and sometimes incorrect results.
3. Restrictions are imposed on the client. A browser can create up to 30 cookies, and each Cookie cannot
More than 4 kB, each WEB site can set a total of 20 cookies.

II. Session
Session processing
When session processing is used, you must start the session and start the session with session_start.
Create a session and read the session

The code is as follows: Copy code
<? Php
Session_start ();
$ _ SESSION ['name'] = 'Lil ';
Echo $ _ SESSION ['name'];

Determine whether a session exists

The code is as follows: Copy code
<? Php
Session_start ();
$ _ SESSION ['name'] = 'Lil ';
If (isset ($ _ SESSION ['name']) {
Echo $ _ SESSION ['name'];

Delete session

The code is as follows: Copy code
<? Php
Session_start ();
$ _ SESSION ['name'] = 'Lil ';
Unset ($ _ SESSION ['name']);
Echo $ _ SESSION ['name'];

Destroy all sessions

The code is as follows: Copy code
<? Php
Session_start ();
$ _ SESSION ['name'] = 'Lil ';
$ _ SESSION ['name2'] = 'Lil ';
Session_destroy ();
Echo $ _ SESSION ['name'];
Echo $ _ SESSION ['name2'];

Differences and relationships between cookies and Sessions
• Storage location:
1. The session is stored on the server. You can configure the session configuration in php. ini.
2. Cookies are stored on the client (in fact, there are two types:
1. Persistent cookie: sets the cookie Time, which exists on the hard disk as a file,

2. The session cookie does not set the cookie time. The lifecycle of the cookie disappears before the browser is closed. It is generally not stored on the hard disk but stored in the memory)

Relationship between cookie and session

The cookie is sent through the http header:

Cookie name = PHP % BB % B4 % B1 % B1; PHPSESSID = cpt2ah3pi4cu7lo69nfbfllbo7

PHPSESSID is an important parameter of the session associated with the server.

Check the session File: sess_cpt2ah3pi4cu7lo69nfbfllbo7.

The format of session_id is: sess _ plus the value of PHPSESSID.

We can understand this as follows:

When the program needs to create a session for a client request, the server first checks whether the client request contains a session id (called session id ), if it already exists, it indicates that a session has been created for this client. Then, the server retrieves and uses this session according to the session id (a new session will be created if it cannot be retrieved ), if the client request does not contain the session id, the client creates a session and generates a session id associated with the session. The session id value should be unique, the session id is returned to the client for saving in this response. The cookie can be used to save the session id, so that the browser can automatically send the id to the server according to the rules during the interaction. Generally, the cookie name is similar to SEEESIONID.

Session and cookie configurations in php. ini

1, session. use_cookie = 1
Whether to use the Cookie method to pass the session id value. The default value is 1, indicating that it is enabled.
2, session. name = PHPSESSID
You must use a key value to pass sessioin_id through the Cookie or GET method. Their formats are Cookie: sess_name = session_id; and/path. php? Sess_name = session_id, where sess_name is specified here.
3, session. use_only_cookies = 0
Indicates that only session IDs are transmitted using the Cookie method. As we have said, in addition to cookies, there are also GET methods. The GET method is insecure. When the cookie is disabled on the user side, session_id is transmitted using the GET method. You can use the GET method to pass session_id through this setting.
4. session. cookie_lifetime = 0, session. cookie_path =/, and session. cookie_domain =
If you use the Cookie method to pass session_id, the valid cookie domain, directory, and time are specified here. Corresponds to the $ expire, $ path, and $ domain parameters of the setcookie () function. Cookie_lifetime = 0 indicates that the Cookie is not deleted until the browser is closed. You can also use the session_set_cookie_params () function to modify these values.
5, session_name ([string $ name])
Obtains or updates session_name. If the name is passed, the default name PHPSESSID (specified by session. name) is not used. Otherwise, the current session_name is obtained. Note: If session_name is set, the call takes effect only before session_start.
6, session_id ([string $ id])
Similar to session_name (), but it is the method for reading or setting session_id. Similarly, if session_id is set, it must be called before session_start.
7. session_set_cookie_params () and session_get_cookie_params ()
Session_set_cookie_params () allows you to reset the three php. ini settings: session. cookie_lifetime, session. cookie_path, and session. cookie_domain. Session_get_cookie_params () is used to obtain these set values.

Here I made a special table and summarized their differences and similarities:

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.