Hidden danger One: If the client machine's cookie is disabled by the virus, then the session will be the equivalent of No.
Hidden Danger Two: The session in PHP default is in the form of files stored in a temporary folder, for a small system, it is perfectly possible,
But for a large and frequently accessed system, it is not a good idea. Suppose that this site has 1000 visitors a day. After one months, the session's temporary folder will have 30,000 temporary files. Imagine how long it would take a computer to find a session_sid from 30000!
Therefore, in order to improve efficiency.
The transaction uses a database to save the session. Here's how:
1. Change the php.ini file.
Because the way PHP saves the session by default is files, so we're going to change it. That is: find "Session.save_handler = files" and change "files" to "User".
Change the session mode to user-defined.
2. Create a database:
CREATE TABLE ' db_session ' (
' Sesskey ' char (+) is not NULL,
' Expiry ' int (one) unsigned not NULL,
' Value ' text is not NULL,
PRIMARY KEY (' Sesskey ')
) Engine=innodb DEFAULT charset=latin1;
[/code]
Database indicates: db_session
Column name: Sesskey,expiry,value Where: Sesskey is the primary key.
Value contains the values inside the session.
3. Create a session_mysql.php file. This file is used to construct a method to save the session. Modify the parameters directly to use it.
session_mysql.php
PHP Code:
Copy CodeThe code is as follows:
$GB _dbname= "Db_mybbs";//Database name
$GB _dbuser= "root";//Database user name
$GB _dbpass= "23928484";//Database Password
$GB _dbhostname= "localhost";//host name or IP address
$SESS _dbh= "";
$SESS _life=get_cfg_var ("Session.gc_maxlifetime");//Get the maximum expiration date of the session.
function Sess_open ($save _path, $session _name) {
Global $GB _dbhostname, $GB _dbname, $GB _dbuser, $GB _dbpass, $SESS _dbh;
if (! $SESS _dbh=mysql_pconnect ($GB _dbhostname, $GB _dbuser, $GB _dbpass)) {
echo "
MYSQL Error: ". Mysql_error ()."
";
Die ();
}
if (!mysql_select_db ($GB _dbname, $SESS _dbh)) {
echo "
MYSQL Error: ". Mysql_error ()."
";
Die ();
}
return true;
}
function Sess_close () {
return true;
}
function Sess_read ($key) {
Global $SESS _DBH, $SESS _life;
$qry = "Select value from db_session where Sesskey = ' $key ' and expiry >". Time ();
$qid =mysql_query ($qry, $SESS _dbh);
if (list ($value) =mysql_fetch_row ($qid)) {
return $value;
}
return false;
}
function Sess_write ($key, $val) {
Global $SESS _DBH, $SESS _life;
$expiry =time () + $SESS _life;
$value = $val;
$qry = "INSERT into db_session values (' $key ', $expiry, ' $value ')";
$qid =mysql_query ($qry, $SESS _dbh);
if (! $qid) {
$qry = "Update db_session set expiry= $expiry, value= ' $value ' where sesskey= ' $key ' and expiry > '. Time ();
$qid =mysql_query ($qry, $SESS _dbh);
}
return $qid;
}
function Sess_destroy ($key) {
Global $SESS _DBH;
$qry = "Delete from db_session where Sesskey = ' $key '";
$qid =mysql_query ($qry, $SESS _dbh);
return $qid;
}
function sess_gc ($maxlifetime) {
Global $SESS _DBH;
$qry = "Delete from db_session where expiry <". Time ();
$qid =mysql_query ($qry, $SESS _dbh);
Return Mysql_affected_rows ($SESS _dbh);
}
Session_module_name ();
Session_set_save_handler ("Sess_open", "Sess_close", "Sess_read", "Sess_write", "Sess_destroy", "sess_gc");
?>
4. Create the test file.
You must refer to the session_mysql.php file you just created before you use it.
session_test.php
PHP Code:
Copy CodeThe code is as follows:
Include ("session_mysql.php");
Session_Start ();
$_session[' abc ']= "A:I would be a back!";
$_session[' Meto ']= "b:me too";
$_session[' name ']= "Louis";
echo "Click Me";
?>
get_session_test.php
Copy CodeThe code is as follows:
Include ("session_mysql.php");
Session_Start ();
echo $_session[' abc '];
echo "
";
echo $_session[' Meto '];
echo "
";
echo $_session[' name '];
$_session[' Wq ']= "12e";
echo "
Click again ";
?>
get_session_test2.php
Copy CodeThe code is as follows:
Include ("session_mysql.php");
Session_Start ();
echo $_session[' abc '];
echo "
";
echo $_session[' Meto '];
echo "
";
echo $_session[' name '];
echo "
";
echo $_session[' Wq '];
Session_destroy ();//The function used to destroy all session.
?>
http://www.bkjia.com/PHPjc/321365.html www.bkjia.com true http://www.bkjia.com/PHPjc/321365.html techarticle Hidden Danger One: If the client machine's cookie is disabled by the virus, then the session will be the equivalent of No. Hidden trouble Two: The session in PHP default is saved as a file in the form of a ...