PHP Session Implementation principle

In the implementation of the session using cookie technology, session will save a session_id (session number) in the client cookie, the server side to save other session variables, such as Session_name and so on. When the user requests the server also sends the session_id to the server, through session_id extracts the variable which is saved on the server side, can identify the user is who. It is also not difficult to understand why the session sometimes fails.

When the client disables cookies (click "Tools" in IE.) Internet Options, click "Security" in the Pop-up dialog box. Custom level item, set allow each dialog COOKIE to Disabled, session_id will not be delivered, and the session is invalidated. However PHP5 on the Linux/unix platform can automatically check the cookie status, if the client is set to disable, the system automatically attaches the session_id to the URL to pass. The Windows host does not have this.

PHP Session principle 2007-08-17 13:24 as is known to all, the HTTP protocol is a stateless protocol, in short, the Web server is not aware of the people who are connected now, in order to meet the need to selectively send information, On the basis of HTTP has done a lot of expansion to achieve this purpose, such as digital signature, cookies, session, etc.
How can a Web server or Web application know who is connecting now? To solve this problem, we first need to establish a one by one correspondence between the server side and the client, and below I crawl the content of HTTP to illustrate how the corresponding relationship is established.
I am using an HTTP packet sniffing tool called Httplook, and then create a file called test.php in the root directory of the local Web server, the address is: http://localhost/test.php, when everything is ready I will open this page repeatedly through the browser.

<?php
Session_Start ();
if (Isset ($_session[' test_sess ')) {
$_session[' test_sess ']++;
}else{
$_session[' test_sess '] = 0;
}
echo $_session[' test_sess '];
?>;

The following is the information sent to the server and the information returned by the server in the previous two
Reference: The original post was published by the "First request Server":

get/test.php http/1.1
Accept: */*
referer:http://localhost/
Accept-language:zh-cn
Accept-encoding:gzip, deflate
user-agent:mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon;. NET CLR 1.1.4322)
Host:localhost
Connection:keep-alive

Reference: The original post is published by "Server First return":

http/1.1 OK
Date:fri, 2005 07:44:22 GMT
server:apache/2.0.54 (Win32) svn/1.2.1 php/5.0.4 DAV/2
x-powered-by:php/5.0.4
SET-COOKIE:PHPSESSID=BMMC3MFC94NCDR15UJITJOGMA3; path=/
Expires:thu, 1981 08:52:00 GMT
Cache-control:no-store, No-cache, Must-revalidate, post-check=0, pre-check=0
Pragma:no-cache
Content-length:1
Keep-alive:timeout=15, max=99
Connection:keep-alive
content-type:text/html; Charset=utf-8
Content-language:off

Reference: The original post is published by the "Second request Server":

get/test.php http/1.1
Accept: */*
referer:http://localhost/
Accept-language:zh-cn
Accept-encoding:gzip, deflate
user-agent:mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon;. NET CLR 1.1.4322)
Host:localhost
Connection:keep-alive
Cookie:phpsessid=bmmc3mfc94ncdr15ujitjogma3

Reference: The original post was published by "Server Second return":

http/1.1 OK
Date:fri, 2005 07:44:23 GMT
server:apache/2.0.54 (Win32) svn/1.2.1 php/5.0.4 DAV/2
x-powered-by:php/5.0.4
SET-COOKIE:PHPSESSID=BMMC3MFC94NCDR15UJITJOGMA3; path=/
Expires:thu, 1981 08:52:00 GMT
Cache-control:no-store, No-cache, Must-revalidate, post-check=0, pre-check=0
Pragma:no-cache
Content-length:1
Keep-alive:timeout=15, max=98
Connection:keep-alive
content-type:text/html; Charset=utf-8
Content-language:off

Comparing these outputs carefully, the second request is more than the first request:
Cookie:phpsessid=bmmc3mfc94ncdr15ujitjogma3
This header will send a cookie message to the server telling the server that I have a cookie named Phpsessid, which is bmmc3mfc94ncdr15ujitjogma3.
How did this cookie come about? Look at the first time the server returned the information inside:
SET-COOKIE:PHPSESSID=BMMC3MFC94NCDR15UJITJOGMA3; path=/
This is the server to the client browser to write a cookie, the name is PHPSESSID, the value is BMMC3MFC94NCDR15UJITJOGMA3, this value is actually called session_id.
Continue to see the second request to the server, still sent to the server Phpsessid this cookie

The following conclusions can be obtained:
1. If the session is used, the session will be sent to the client browser by means of a cookie
2. Each time a request is made to the server, the local browser will attach the cookie to the request message.

Here, server-side and client how to do through the session one by one corresponding answer is very clear, understand this truth, for the use of the session has a lot of help, please carefully understand.