Risk 1: If the cookie on the client machine fails due to a virus, the session will be lost.
Hazard 2: sessions are stored in a temporary folder in php by default in the form of files. For a small system, this can be done completely,
However, it is not a good solution for a large and frequently accessed system. Suppose there are 1000 people accessing this website each day. A month later, the session Temporary Folder will have 30000 temporary files. Imagine how long it is for a computer to find a session_sid from 30000!
Therefore, to improve efficiency.
Transactions are stored in a database. The specific method is as follows:
1. Change the php. ini file.
Because php saves session files by default, we need to change it. That is, change "session. save_handler = files" to "User ".
Change the session mode to user-defined.
2. Create a database:
Create table 'db _ session '(
'Sskey' char (32) not null,
'Expiry' int (11) unsigned not null,
'Value' text not null,
Primary key ('sskey ')
) ENGINE = InnoDB default charset = latin1;
[/Code]
Database: db_session
Column name: sesskey, expiry. value: sesskey is the primary key.
The Value contains the Value in the session.
3. Create the session_mysql.php file. This file is used to construct a method to save the session. Modify the parameters and use them directly.
Session_mysql.php
PHP code:
Copy codeThe Code is as follows:
<? Php
$ Gb_DBname = "db_myBBS"; // Database Name
$ Gb_DBuser = "root"; // Database User Name
$ Gb_DBpass = "23928484"; // Database Password
$ Gb_DBHOSTname = "localhost"; // host name or IP address
$ SESS_DBH = "";
$ SESS_LIFE = get_cfg_var ("session. gc_maxlifetime"); // obtain the maximum validity period of the session.
Function sess_open ($ save_path, $ session_name ){
Global $ gb_DBHOSTname, $ gb_DBname, $ gb_DBuser, $ gb_DBpass, $ SESS_DBH;
If (! $ SESS_DBH = mysql_pconnect ($ gb_DBHOSTname, $ gb_DBuser, $ gb_DBpass )){
Echo "<li> MySql Error:". mysql_error (). "<li> ";
Die ();
}
If (! Mysql_select_db ($ gb_DBname, $ SESS_DBH )){
Echo "<li> MySql Error:". mysql_error (). "<li> ";
Die ();
}
Return true;
}
Function sess_close (){
Return true;
}
Function sess_read ($ key ){
Global $ SESS_DBH, $ SESS_LIFE;
$ Qry = "select value from db_session where sesskey = '$ key' and expiry>". time ();
$ Qid = mysql_query ($ qry, $ SESS_DBH );
If (list ($ value) = mysql_fetch_row ($ qid )){
Return $ value;
}
Return false;
}
Function sess_write ($ key, $ val ){
Global $ SESS_DBH, $ SESS_LIFE;
$ Expiry = time () + $ SESS_LIFE;
$ Value = $ val;
$ Qry = "insert into db_session values ('$ key', $ expiry,' $ value ')";
$ Qid = mysql_query ($ qry, $ SESS_DBH );
If (! $ Qid ){
$ Qry = "update db_session set expiry = $ expiry, value = '$ value' where sesskey =' $ key' and expiry>". time ();
$ Qid = mysql_query ($ qry, $ SESS_DBH );
}
Return $ qid;
}
Function sess_destroy ($ key ){
Global $ SESS_DBH;
$ Qry = "delete from db_session where sesskey = '$ key '";
$ Qid = mysql_query ($ qry, $ SESS_DBH );
Return $ qid;
}
Function sess_gc ($ maxlifetime ){
Global $ SESS_DBH;
$ Qry = "delete from db_session where expiry <". time ();
$ Qid = mysql_query ($ qry, $ SESS_DBH );
Return mysql_affected_rows ($ SESS_DBH );
}
Session_module_name ();
Session_set_save_handler ("sess_open", "sess_close", "sess_read", "sess_write", "sess_destroy", "sess_gc ");
?>
4. Create a test file.
The created session_mysql.php file must be referenced before use.
Session_test.php
PHP code:
Copy codeThe Code is as follows:
<? Php
Include ("session_mysql.php ");
Session_start ();
$ _ SESSION ['abc'] = "A: I will be back! ";
$ _ SESSION ['meto'] = "B: Me too ";
$ _ SESSION ['name'] = "louis ";
Echo "<a href = \" get_session_test.php \ "> click me </a> ";
?>
Get_session_test.php
Copy codeThe Code is as follows:
<? Php
Include ("session_mysql.php ");
Session_start ();
Echo $ _ SESSION ['abc'];
Echo "<br> ";
Echo $ _ SESSION ['meto'];
Echo "<br> ";
Echo $ _ SESSION ['name'];
$ _ SESSION ['wq'] = "12e ";
Echo "<br> <a href = \" get_session_test2.php \ "> click again </a> ";
?>
Get_session_test2.php
Copy codeThe Code is as follows:
<? Php
Include ("session_mysql.php ");
Session_start ();
Echo $ _ SESSION ['abc'];
Echo "<br> ";
Echo $ _ SESSION ['meto'];
Echo "<br> ";
Echo $ _ SESSION ['name'];
Echo "<br> ";
Echo $ _ SESSION ['wq'];
// Session_destroy (); // The function used to destroy all sessions.
?>