Hidden danger one: if the cookie on the client machine is invalidated by a virus, the session is effectively gone.
Hidden danger two: by default PHP stores sessions as files in a temporary folder. For a small system this is perfectly adequate,
but for a large, frequently accessed system it is not a good idea. Suppose the site is visited by 1000 people a day. After one month the temporary session folder will hold 30,000 temporary files. Imagine how long it takes the computer to find one session ID among 30,000 files.
So, to improve efficiency, save the session in a database. The specific method is as follows:
1. Change the php.ini file.
PHP saves sessions to files by default, so this has to change: find "session.save_handler = files" and change "files" to "user".
This switches session storage to user-defined mode.
2. Create the database table:
CREATE TABLE `db_session` (
  `sesskey` char(32) NOT NULL, -- length is missing in the source; 32 is an assumption that fits PHP's default 32-character session IDs
  `expiry` int(11) unsigned NOT NULL,
  `value` text NOT NULL,
  PRIMARY KEY (`sesskey`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Table name: db_session
Columns: sesskey, expiry, value, where sesskey is the primary key.
value holds the data stored in the session.
3. Create the file session_mysql.php. This file defines the functions that save the session. Change the parameters and it can be used directly.
session_mysql.php
<?php
// Uses the legacy mysql_* extension (PHP 5; removed in PHP 7.0).
$GB_dbname = "Db_mybbs";       // Database name
$GB_dbuser = "root";           // Database user name
$GB_dbpass = "23928484";       // Database password
$GB_dbhostname = "localhost";  // Host name or IP address
$SESS_dbh = "";
$SESS_life = get_cfg_var("session.gc_maxlifetime"); // Maximum lifetime of a session, in seconds

// Open a persistent connection and select the database.
function sess_open($save_path, $session_name) {
    global $GB_dbhostname, $GB_dbname, $GB_dbuser, $GB_dbpass, $SESS_dbh;
    if (!$SESS_dbh = mysql_pconnect($GB_dbhostname, $GB_dbuser, $GB_dbpass)) {
        echo "<li>MySQL Error:" . mysql_error() . "<li>";
        die();
    }
    if (!mysql_select_db($GB_dbname, $SESS_dbh)) {
        echo "<li>MySQL Error:" . mysql_error() . "<li>";
        die();
    }
    return true;
}

function sess_close() {
    return true;
}

// Return the stored data for a session that has not yet expired.
function sess_read($key) {
    global $SESS_dbh, $SESS_life;
    // $key is the session ID taken from the client's cookie: escape it before it reaches SQL.
    $key = mysql_real_escape_string($key, $SESS_dbh);
    $qry = "SELECT value FROM db_session WHERE sesskey = '$key' AND expiry > " . time();
    $qid = mysql_query($qry, $SESS_dbh);
    if (list($value) = mysql_fetch_row($qid)) {
        return $value;
    }
    return ""; // The read callback must return a string; empty means no session data.
}

// Insert the session row, or update it if the key already exists.
function sess_write($key, $val) {
    global $SESS_dbh, $SESS_life;
    $expiry = time() + $SESS_life;
    // Escape both the cookie-supplied key and the serialized session data.
    $key = mysql_real_escape_string($key, $SESS_dbh);
    $value = mysql_real_escape_string($val, $SESS_dbh);
    $qry = "INSERT INTO db_session VALUES ('$key', $expiry, '$value')";
    $qid = mysql_query($qry, $SESS_dbh);
    if (!$qid) {
        $qry = "UPDATE db_session SET expiry = $expiry, value = '$value' WHERE sesskey = '$key' AND expiry > " . time();
        $qid = mysql_query($qry, $SESS_dbh);
    }
    return $qid;
}

function sess_destroy($key) {
    global $SESS_dbh;
    $key = mysql_real_escape_string($key, $SESS_dbh);
    $qry = "DELETE FROM db_session WHERE sesskey = '$key'";
    $qid = mysql_query($qry, $SESS_dbh);
    return $qid;
}

// Garbage collection: delete every expired session row.
function sess_gc($maxlifetime) {
    global $SESS_dbh;
    $qry = "DELETE FROM db_session WHERE expiry < " . time();
    $qid = mysql_query($qry, $SESS_dbh);
    return mysql_affected_rows($SESS_dbh);
}

session_module_name();
session_set_save_handler("sess_open", "sess_close", "sess_read", "sess_write", "sess_destroy", "sess_gc");
?>
4. Create the test files.
Include the session_mysql.php file you just created before using the session.
session_test.php
<?php
include("session_mysql.php");
session_start();
$_SESSION['abc'] = "A:I would be back!";
$_SESSION['Meto'] = "b:me too";
$_SESSION['name'] = 'Louis';
echo "<a href=\"get_session_test.php\">click me</a>";
?>
get_session_test.php
<?php
include("session_mysql.php");
session_start();
echo $_SESSION['abc'];
echo "<br>";
echo $_SESSION['Meto'];
echo "<br>";
echo $_SESSION['name'];
$_SESSION['Wq'] = "12e";
echo "<br><a href=\"get_session_test2.php\">click again</a>";
?>
get_session_test2.php
<?php
include("session_mysql.php");
session_start();
echo $_SESSION['abc'];
echo "<br>";
echo $_SESSION['Meto'];
echo "<br>";
echo $_SESSION['name'];
echo "<br>";
echo $_SESSION['Wq'];
session_destroy(); // Destroys all data of the session.
?>
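The mysql_* functions that session_mysql.php is built on were removed in PHP 7.0. The same handler for PHP 7 and later, written on PDO with the session key and value bound as query parameters, as an added example that is not the article's own code. The class name DbSessionHandler and the DB_HOST, DB_NAME, DB_USER and DB_PASS values are placeholders, and the db_session table from step 2 is assumed to exist.

```php
<?php
// Added example, not the article's code. Class name and DB_* values are placeholders.
class DbSessionHandler implements SessionHandlerInterface
{
    private $pdo, $life;

    public function __construct(PDO $pdo)
    {
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->pdo  = $pdo;
        $this->life = (int) ini_get('session.gc_maxlifetime');
    }
    public function open($path, $name): bool { return true; }
    public function close(): bool { return true; }

    public function read($id): string
    {
        // $id comes from the client's cookie, so it is bound as a parameter.
        $st = $this->pdo->prepare(
            'SELECT value FROM db_session WHERE sesskey = ? AND expiry > ?');
        $st->execute([$id, time()]);
        $value = $st->fetchColumn();
        return $value === false ? '' : (string) $value; // must return a string
    }

    public function write($id, $data): bool
    {
        // REPLACE covers the first write and every later update in one statement.
        $st = $this->pdo->prepare(
            'REPLACE INTO db_session (sesskey, expiry, value) VALUES (?, ?, ?)');
        return $st->execute([$id, time() + $this->life, $data]);
    }

    public function destroy($id): bool
    {
        $st = $this->pdo->prepare('DELETE FROM db_session WHERE sesskey = ?');
        return $st->execute([$id]);
    }

    public function gc($max_lifetime): int
    {
        // expiry stores an absolute deadline, so $max_lifetime is not needed here.
        $st = $this->pdo->prepare('DELETE FROM db_session WHERE expiry < ?');
        $st->execute([time()]);
        return $st->rowCount();
    }
}
$pdo = new PDO('mysql:host=DB_HOST;dbname=DB_NAME;charset=latin1', 'DB_USER', 'DB_PASS');
session_set_save_handler(new DbSessionHandler($pdo), true);
session_start();
```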