Php Session invalid analysis data sorting, phpsession

Php Session invalid analysis data sorting, phpsession

Invalid php Session Analysis

During PHP development, some friends may often encounter the problem that the files generated by the Session cannot be automatically cleared. In fact, it is not true that the files cannot be cleared, but there is a probability problem, as long as your site traffic is large enough, those files can be automatically cleared. If the traffic is small and the files are not pleasing to the eye, you only need to configure the php. ini file to automatically clear the Session file. The specific configuration is as follows:

Find

Session. gc_probability = 1
Session. gc_divisor = 1000

The above two parameters are actually the probability. The default value is 1/1000.

Change session. gc_divisor = 1000 to session. gc_divisor = 100.

If you want to achieve full real-time, you can change this parameter to 1, so the probability is 100%.

Let's see how the session works.

Summary: Each php request has a 1/100 probability (default) to trigger "session reclaim ". If "session Recycle" occurs, the/tmp/sess _ * file will be checked. If the last modification time exceeds 1440 seconds (the value of gc_maxlifetime ), delete it, which means that these sessions expire.

1. How does a session exist on the server (generally Apache with PHP module?

By default, php stores the session in the/tmp directory. The file name is as follows: sess_01aab840166fd1dc253e3b4a3f0b8381. Each file corresponds to a session ).

more /tmp/sess_01aab840166fd1dc253e3b4a3f0b8381username|s:9:”jiangfeng”;admin|s:1:”0〃;

# Variable name | type: length: Value

Deleting the session file indicates that the corresponding session is invalid.

2. How does a session exist on the client (usually a browser?

On the browser side, you only need to save the session ID (the unique ID generated by the server. There are two storage methods: cookie and url. If the session ID is saved in the cookie, you can see that there is a PHPSESID variable in the browser's cookie. If the URL is passed, you can see the following:
Index. php? PHPSESID = 01aab840166fd1dc253e3b4a3f0b8381 URL. (The server uses session. use_cookies to control which method to use)

3. on the server side, how does php determine whether the session file has expired?

If the "last modification time" has exceeded "gc_maxlifetime (default value: 1440) seconds, this session file is considered to have expired. During the next session collection, if this file has not been changed, the session file will be deleted (the session will expire ).
Simply put, if I log on to a website and have not performed any operations within 1440 seconds (default), the corresponding session will be deemed to have expired.
Therefore, modifying the gc_maxlifetime variable in the php. ini file can prolong the session expiration time: (for example, we can change the expiration time to 86400 seconds)

Session. gc_maxlife time = 86400

Then, restart your web Service (generally apache.
Note: The recycle mechanism is used for session expiration in php5. The time is set to 86400 seconds. If the session has not been modified within 86400 seconds, it will be deleted during the next "recycle" operation.

4. When will session "recycle" occur?

By default, every php request will have a 1/100 probability of recovery, so it may be simply understood as "every 100 php requests will be recycled once ". This probability is controlled by the following parameters:
# The probability is gc_probability/gc_divisor.

Session. gc_probability = 1
Session. gc_divisor = 100

Note 1: Assume that gc_maxlifetime = 120. If the last modification time of a session file is before 120 seconds, before the next recovery (1/100 probability, this session is still valid.
NOTE 2: If your session is saved elsewhere in session. save_path, the session recycle mechanism may not automatically process expired session files. In this case, you need to manually (or crontab) delete expired sessions:

Cd/path/to/sessions; find-cmin + 24 | xargs rm

5. Special Cases

Because the recycle mechanism checks the "last modification time" of the file, if a session is active but the session content has not changed, the corresponding session file has not changed, the recycle mechanism will delete a session that is not active for a long time. This is something we don't want to see. You can solve this problem by adding the following simple code:

<?php if(!isset($_SESSION['last_access'])||(time()-$_SESSION['last_access'])>60)  $_SESSION['last_access'] = time(); ?>

The Code attempts to modify the session every 60 seconds.
Conclusion: If you want to modify the session expiration time, you can modify the variable gc_maxlifetime. The session of php5 adopts a passive collection mechanism (garbage collection ). The expired session file will not disappear, but will be processed by triggering "recycle.

Let's take a detailed look at some other questions about setting the session time.

 Session expiration time Parameter

Set the expiration time parameter, which is mainly used to set the session. gc_maxlifetime parameter. To set the reinsurance point, set the following two parameters.

Ini_set ('session. cookie_lifetime ', 0); // print_r (session_get_cookie_params () is available; observe ini_set ('session. gc_maxlifetime', 3600); // echo ini_get ("session. gc_maxlifetime "); Observe

If session_cookie_lifetime is set to 0, it indicates that the cookie is cleared only when browser is used. (session and browser cookie are related)

If you are too reluctant to think about this, you can simply use the following function.

Session expiration time program

<?phpfunction start_session($expire = 0){  if ($expire == 0) {    $expire = ini_get('session.gc_maxlifetime');  } else {    ini_set('session.gc_maxlifetime', $expire);  }  if (empty($_COOKIE['PHPSESSID'])) {    session_set_cookie_params($expire);    session_start();  } else {    session_start();    setcookie('PHPSESSID', session_id(), time() + $expire);  }}?>

Usage

Add start_session (600) at the top of the program; // It indicates that it will expire after 600 seconds (replace the original session_start ())
If you want to extend the expiration time, you only need to modify it.

However, you should note that the PHP session is saved as a file by default, so/tmp may be cracked due to this setting (too many files ), the general solution is to store sessions in DB/memcache.

Thank you for reading this article. I hope it will help you. Thank you for your support for this site!