PHP session working principle and Usage _php tutorial

Source: Internet
Author: User
Tags php session
A very friend of mine will ask how the session works and what is the difference between it and the cookie, and below we give you a brief introduction about the working principle of the session, there is a need to know friends can enter the reference.


1. What is a session

2.Session starts from the user access page, to the end of the connection to the site, forming a session life cycle. During a session, the client is assigned a unique SessionID that identifies the current user and distinguishes it from other users.
3.Session session, SessionID will be stored in the client and server side two locations, for the client to use a temporary cookie save (cookie name is called PHPSESSID) or through a URL string to pass, The server side is also saved as a text file in the specified session directory.
4.Session accepts each access request through an ID, thus identifying the current user, tracking and maintaining user-specific information, and session variables (which can be stored in the session during the session with numbers or text data), such as session_name, etc. These variable information is stored on the server side.
5.SessionID can be saved as session information in the database, the session is persisted, so as to track each user's number of landing, online or not, online time.
Session.name=phpsessid; The name of the session used in the cookie

Session.save_handler=files; The control method used to save/retrieve data
session.save_path=/tmp; The parameter that is passed to the controller when the Save_handler is set to a file, which is the path to which the data file will be saved.
Session.use_cookies=1; whether to use cookies

How to operate the session in PHP:

Session_Start (); Use this function to open the session function

$_session//using predefined global variables to manipulate data

Use unset ($_session[' key ")//Destroy the value of a SESSION

Simple to operate, everything is implemented by the server; because it's in the background, everything looks safe. But what mechanism does the session adopt, and how is it implemented, and how to maintain the state of the session?


Here by the way, if you want to do the server LVS, that is, more than one server, we generally use the memcached way session, otherwise it will cause some requests can not find the session.
A simple memcache configuration:

The code is as follows Copy Code
Session.save_handler = Memcache
Session.save_path = "tcp://10.28.41.84:10001"

Of course, if you must use the files file cache, we can make the file for NFS, and all the saved session files are located in one place.

Just now the Session-id returned to the user is finally saved in memory, where we can also set the parameters to save them in the user's URL.

Why do I have to execute session_start () before using the session?

After understanding the principle, the so-called session is actually a session ID server side of a session file, the new session before the execution of Session_Start () is to tell the server to plant a cookie and prepare the session file, otherwise your session content how to save; Read session before executing session_start () is to tell the server, hurriedly according to the session ID to deserialize the session file.

Only one session function can be executed before session_start (), Session_name (): reads or specifies the session name (for example, "Phpsessid"), which is, of course, executed before the session_start.

Session affects system performance

Session on the large traffic site does affect the performance of the system, one of the reasons for performance is caused by the file system design, in the same directory more than 10,000 files, the location of the file will be very time-consuming, PHP support Session Directory hash, We can modify php.ini in Session.save_path = "2;/path/to/session/dir", then the session will be stored in the level two subdirectory, each directory has 16 subdirectories [0~f], but as if PHP The session does not support creating a directory, you need to create the directory in advance.

Another problem is the efficiency of small files, generally our session data will not be too large (1~2k), if there are a large number of such 1~2k files on disk, IO efficiency will certainly be poor, PHP manual recommended the use of ReiserFS file system, but the prospect of ReiserFS is worrying , ReiserFS's author killed her daughter-in-law, and SuSE abandoned ReiserFS.

In fact, there are many ways to store the session, can be viewed through Php-i|grep "registered save handlers", such as registered save handlers = Files User SQLite Eacce Lerator can be saved through files, users, SQLite, Eaccelerator, and if the server is loaded with memcached, there will be mmcache options. Of course, there are many, such as MySQL, PostgreSQL and so on. is a good choice.

Synchronization of Session
Our front-end may have many servers, the user logged on a server, planted the session information, and then visit some pages of the site might jump to B server up, if this time the B server does not have session information and did not do special treatment, it may be a problem.

There are many kinds of session synchronization, if you are stored in memcached or MySQL, it is very easy to specify to the same location, if it is in the form of files, you can use NFS Unified storage.

There is also a way to achieve through the encryption of cookies, the user on a server login success, the user's browser to type an encrypted cookie, when the user visited the B server, check whether the session, if there is no problem, if not, to verify that the cookie is valid, If the cookie is valid, the session is rebuilt on the B server. This method is actually very useful, if the site has a lot of sub-channels, the server is not a room, the session can not be synchronized and want to do a unified login that would be very useful

Instance problems
Existing system A, B; Suppose a system is a web system that can run independently, that is, the session can be processed directly with the browser, and B system is mobile-based and needs to invoke the function interface of a system.
In the case where a does not change, that is, the login verification, the session storage is unchanged, the B system can handle the front-end user's request.

The solution provided here is to use PHP to implement

After the user login is successful, the Session-id of the saved session is returned to the B system, and then the B system requests the other interfaces with session_id.
A system is preceded by Session_Start with session_id (session_id);

So the B system can safely call a

http://www.bkjia.com/PHPjc/632657.html www.bkjia.com true http://www.bkjia.com/PHPjc/632657.html techarticle A very friend of mine will ask how the session works and what is the difference between it and the cookie, and below we give you a brief introduction about the session working principle, there is need to know the friend can ...

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.