PHP session working principle and usage detailed

1. What is session

2.Session from the User access page, to disconnect from the Web site to form a session life cycle. During a session, the client is assigned a unique sessionid to identify the current user and differentiate it from other users.
3.Session session, SessionID is stored separately on the client and server side two locations, for the client to save with a temporary cookie (called PHPSESSID) or through a URL string, The server side is also saved as a text file in the specified session directory.
4.Session receives each access request by ID to identify the current user, track and maintain the user's specific data, and session variables (you can store numbers or text data during sessions, such as Session_name, etc.), The variable information is saved on the server side.
5.SessionID can be saved to the database as session information, and can be persisted, so as to keep track of each user's Landing times, online or not, online time, etc.
Session.name=phpsessid the name of the session used in a cookie

Session.save_handler=files The control method used to save/retrieve data
session.save_path=/tmp The parameter to the controller when Save_handler is set as a file, which is the path where the data file will be saved.
Session.use_cookies=1 whether to use cookies

How to operate the session in PHP:

Session_Start (); Use this function to open the session function

$_session//using predefined global variables to manipulate data

Destroys the value of a session using unset ($_session[' key ')]/

Simple operation, everything is implemented by the server, because the processing in the background, everything looks very safe. But what kind of mechanism does the session adopt, and how is it implemented, and how to maintain the state of the conversation?

Here by the way, if you want to do the server LVS, that is, more than one server, we generally use the memcached way of session, otherwise it will cause some requests can not find sessions.
a simple memcache configuration:

The code is as follows	Copy Code
Session.save_handler = Memcache Session.save_path = "tcp://10.28.41.84:10001"

Of course, if you have to use the files file cache, we can make the file NFS, all the save session files to a location.

Just now the Session-id returned to the user is eventually saved in memory, where we can also set the parameters to save it in the user's URL.

Why do I have to perform session_start () before using session?

Understand the principle, the so-called session is actually a session ID server side of the session file, the new session before the implementation of Session_Start () is to tell the server to plant a cookie and prepare the session file, otherwise your session content how to save; Read session before executing session_start () is to tell the server, hurriedly according to session The ID deserializes the session file.

Only one session function can be executed before session_start (), Session_name (): Read or specify the session name (for example, the default is "Phpsessid"), which of course is performed before Session_Start.

Session affects system performance

Session in the large traffic site does affect system performance, one of the reasons that affect performance by the file system design, in the same directory more than 10,000 files, the location of the file will be very time-consuming, PHP support Session Directory hash, We can modify the Session.save_path = "2;/path/to/session/dir" in PHP.ini, then session will be stored in the level two subdirectory, each directory has 16 subdirectories [0~f], but as if PHP The session does not support creating directories, and you need to create them in advance.

Another problem is the efficiency of small files, generally our session data is not too large (1~2k), if there are a large number of such 1~2k files on disk, IO efficiency will be very poor, PHP manual recommended use of ReiserFS file system, but the future of ReiserFS is worrying , ReiserFS the author of the daughter-in-law to kill, SuSE also abandoned the reiserfs.

In fact, there are many ways to store sessions, which can be viewed by php-i|grep "registered save handlers," such as registered save handlers => files user SQLite Eacce Lerator can be saved through files, users, SQLite, Eaccelerator, if the server installed memcached, there will be mmcache options. Of course, there are many, such as MySQL, PostgreSQL and so on. is a good choice.

Synchronization of Sessions
Our front-end may have many servers, users in a server login, plant the session information, and then visit some of the Web site can skip to the B server, if this time B server no session information and no special treatment, may be a problem.

There are many kinds of session synchronization, if you are stored in memcached or MySQL, it is easy to specify the same location, if the file form, you can use NFS Unified storage.

Another way is through the encryption of cookies to achieve, the user login on a server successfully, in the user's browser to type an encrypted cookie, when users visit B server, check whether the session, if there is no problem, if not, to check whether the cookie is valid, If the cookie is valid, the session is rebuilt on the B server. This method is actually very useful, if the site has a lot of sub channels, the server is not a computer room, the session can not sync and want to do unified login that would be too useful.

Instance problem
existing system a,b; Suppose a system is a web system that can run on its own, that is, it can handle session directly with the browser, b system is based on mobile, need to call the function interface of a system,
In the case of keeping a unchanged, that is, login verification, session storage is unchanged, B system can handle the front-end user's request.

The solution provided here is to use PHP to implement

After the user log in successfully, the Session-id of the saved session is returned to the B system, and the B system requests each other interface with session_id each time.
A system is preceded by a session_start plus session_id (session_id);

So the B system can safely call a