Php session usage-PHP source code

To use the session, you must use PHP4.1 or later, and set register_globleOff in php. ini to register_globleOn. In addition, the session. cookie_path line is not easy to change. To use the session, you must use PHP4.1 or later, and set register_globle = Off in php. ini to register_globle = On. In addition, session. cookie_path =/is not easy to change.

Script ec (2); script

The session in PHP uses the client Cookie by default. When the client's Cookie is disabled, it is automatically passed through Query_String.

Php processes a total of 11 session functions. We will introduce several functions in detail.

1. session_start

Function: Start a session or return an existing session.

Function prototype: boolean session_start (void );

Return Value: Boolean

Session Working Principle

First, PHP generates a unique string for the user who creates the Session to mark the user's session. this string is generally called the Session Id. then, "sess" + Session Id is the file name (for example, if a Session ID is 111, the file name is sess_111). Create a file in the file system of the server, save the name and value of the global variable defined in the Session in the file. Then, save the Session Id as a Cookie named PHPSession in the file system of the user end.
Then, when the user connects to the server again to access a PHP script, PHP obtains the Session Id of the user's Session from the user's PEESession Cookie, and saves the Session information from the file system of the server based on the Session Id. Finally, read the value of the global variable set during the last connection from this file.
Therefore, we can see that the working principle of Session is the same as that of Identity Authentication described in the previous section. The difference is that Session stores information in the file system of the server, and we store the information in the database. Of course, the advantage of using Session is that data storage and acquisition are automatically completed by PHP, and directly using cookies requires you to save and obtain data by yourself.
Session uses the Cookie identity Flag Function to save the information that users need to save when browsing the website on the server. In this way, Session not only overcomes the defects of the HTTP protocol, but also prevents information leakage and facilitates the use of programmers. It is a very good solution. However, the Session function is only supported by PHP4, and PHP3 does not support Session. Therefore, users who use PHP3 to build websites can only use cookies directly.

Session instance

When using session, set the session. sava. path in the php. ini file first.

The Code is as follows:

// Start the Session Session_start (); // Declare a variable named admin and assign a null value. $ _ SESSION ["admin"] = null; ?> // After the form is submitted... $ Posts =$ _ POST; // Clear some blank symbols Foreach ($ posts as $ key => $ value) {$ Posts [$ key] = trim ($ value );} $ Password = md5 ($ posts ["password"]); $ Username = $ posts ["username"]; $ Query = "SELECT 'username' FROM 'user' WHERE 'Password' = '$ password '"; // Obtain the query result $ UserInfo = $ DB-> getRow ($ query ); If (! Empty ($ userInfo )) { If ($ userInfo ["username"] = $ username) {// When the verification is passed, start the Session Session_start (); // Register the logon admin variable and assign the value true. $ _ SESSION ["admin"] = true; } Else { Die ("incorrect user name and password "); } } Else { Die ("incorrect user name and password "); } ?> We start the Session on the page that requires user verification to determine whether to log on: // Prevent security risks caused by global variables $ Admin = false; // Start the session. This step is required. Session_start (); // Determine whether to log on If (isset ($ _ SESSION ["admin"]) & $ _ SESSION ["admin"] = true) { Echo "you have successfully logged on "; } Else {// Verification Failed. Set $ _ SESSION ["admin"] to false $ _ SESSION ["admin"] = false; Die ("You are not authorized to access "); } ?> // Save for one day $ LifeTime = 24*3600; Setcookie (session_name (), session_id (), time () + $ lifeTime, "/"); ?> // This method destroys a previously registered variable. Unset ($ _ SESSION ["admin"]); // This method destroys the entire Session file. Session_destroy (); ?> Let's manually set the Session lifetime: // Save for one day $ LifeTime = 24*3600; Setcookie (session_name (), session_id (), time () + $ lifeTime, "/"); ?> In fact, the Session also provides a function session_set_cookie_params (); To set the Session lifetime. This function must be called before the session_start () function is called: // Save for one day $ LifeTime = 24*3600; Session_set_cookie_params ($ lifeTime ); Session_start (); $ _ SESSION ["admin"] = true; ?>