PHP Session Invalid analysis data collation _php example

PHP Session Invalid Analysis

PHP development process, you may have friends often encounter the session produced by the file can not automatically clear the problem, in fact, not really can not clear, but there is a probability problem, as long as your site access volume is large enough, those files can be automatically cleared away. If the number of visits is relatively small, and look at those files are not pleasing to the eye, as long as the configuration in the php.ini can realize the session file automatic cleaning function, the specific configuration as follows:

Found it

session.gc_probability = 1
Session.gc_divisor = 1000

The above two parameters are actually this probability, by default is 1/1000

Change session.gc_divisor = 1000 to Session.gc_divisor = 100

If you want to achieve full real-time, then you can change this parameter to 1, so the probability is 100%.

See how the session works.

Overview: Each time a PHP request, a 1/100 probability (the default) triggers a "session recycle". If "Session recycling" occurs, the/tmp/sess_* file is checked, and if the last modification time is now more than 1440 seconds (the Gc_maxlifetime value), it is deleted, meaning that these sessions expire.

1. How does session exist on the server side (typically Apache with PHP module)?

By default, PHP saves the session in the/tmp directory, and the file name looks like this: sess_01aab840166fd1dc253e3b4a3f0b8381. Each file corresponds to a session.

more/tmp/sess_01aab840166fd1dc253e3b4a3f0b8381
username|s:9: "Jiangfeng"; admin|s:1: "0〃;

#变量名 | Type: Length: Value

Delete the session file here, it means that the corresponding session is invalid.

2. How does the session exist on the client side (typically the browser)?

Session is on the browser side, you can simply save the session ID (the unique ID generated by the server side). There are two ways to save: In a cookie, in a URL. If you save the session ID in a cookie, you can see that there is a PHPSESID variable in the browser's cookie. If the URL is passed, you can see the shape:
Index.php? The URL of the phpsesid=01aab840166fd1dc253e3b4a3f0b8381. (using Session.use_cookies to control which way to use on the server side)

3. On the server side, how does PHP determine if the session file expires?

If the "Last modification Time" to "now" exceeds the Gc_maxlifetime (default is 1440) seconds, this session file is considered to be expired, and in the next session collection, if the file is still not changed, The session file will be deleted (sessions expire).
Simply put, if I log on to a website, if there is no operation within 1440 seconds (the default), then the corresponding session is considered expired.
Therefore, modifying the gc_maxlifetime variable in the php.ini file can prolong the expiration of the session: (for example, we modify the expiration time to 86,400 seconds)

Session.gc_maxlifetime = 86400

Then, restart your Web service (typically Apache).
Note: The php5 inside the session expired using the recycle mechanism. This setting has a time of 86,400 seconds, and if the session has not been modified in 86,400 seconds, then the next "recycle" is really deleted.

4. When does the session "recycle" occur?

By default, each time a PHP request, there will be 1/100 of the probability of recycling, so it may be simply understood as "every 100 times PHP request has a recycle." This probability is controlled by the following parameters
#概率是gc_probability/gc_divisor

session.gc_probability = 1
Session.gc_divisor = 100

Note 1: Assuming this situation is gc_maxlifetime=120, if a session file is last modified 120 seconds ago, the session will still be valid until the next time the recovery (1/100 probability) occurs.
NOTE 2: If your session uses Session.save_path to save the session,session recycle mechanism, it is possible that the expired session file will not be processed automatically. This requires a timed manual (or crontab) deletion of expired sessions:

Cd/path/to/sessions; Find-cmin +24 | Xargs RM

5. Some special circumstances

Because the recycle mechanism will check the file "last modified", so if a session is active, but the contents of the sessions have not changed, then the corresponding time file has not changed, the recycling mechanism will consider it a long time no active session and delete it. This is something we don't want to see, and we can solve this problem by adding the following simple code:

<?php 
if (!isset ($_session[' last_access ')) | | (Time ()-$_session[' last_access ') >60)
  $_session[' last_access '] = time (); 
? >

The code tries to modify the session every 60 seconds.
Summary: If you want to modify the session expiration time, modify the variable gc_maxlifetime. The PHP5 session uses a passive recovery mechanism (garbage collection). Expired session files do not disappear on their own, but instead handle expired sessions by triggering a "recycle".

Let's take a look at some other questions about setting session time.

Session Expiration Time parameter

Set the expiration time parameters, mainly set the parameters of the Session.gc_maxlifetime, and then the security of a little set, set the following two parameters.

Ini_set (' Session.cookie_lifetime ', 0); Available Print_r (Session_get_cookie_params ()); Observe
ini_set (' Session.gc_maxlifetime ', 3600);//Available Echo ini_get ("Session.gc_maxlifetime");

Session_cookie_lifetime set to 0, the representative waited until browser to clear this cookie. (Session and browser cookies are related)

If you're too lazy to think about it, just use the following function.

Session Expiration Time Program

<?php
function start_session ($expire = 0)
{
  if ($expire = = 0) {
    $expire = ini_get (' session.gc_ Maxlifetime ');
  } else {
    ini_set (' Session.gc_maxlifetime ', $expire);
  }
  if (Empty ($_cookie[' Phpsessid ')) {
    session_set_cookie_params ($expire);
    Session_Start ();
  } else {
    session_start ();
    Setcookie (' Phpsessid ', session_id (), time () + $expire);
  }
? >

How to use

Add at the top of the program: Start_session (600); Represents 600 seconds later expires (replaces original session_start ())
If you want to extend the expiration time again, just make a change.

But there is a problem to note that the PHP session preset is saved as file, so/tmp may be due to this set up and burst out (too many files), usually the solution is to save the session into the Db/memcache.

Thank you for reading, I hope to help you, thank you for your support for this site!