PHP uses the mysql database to store session code. Risk 1: if the cookie on the client machine fails due to a virus, the session will be lost. Hazard 2: session is stored in a file by default in php. Hazard 1: if the cookie on the client machine fails due to a virus, the session will be lost.
Hazard 2: Sessions are stored in a temporary folder in php by default in the form of files. for a small system, this can be done completely,
However, it is not a good solution for a large and frequently accessed system. Suppose there are 1000 people accessing this website each day. A month later, the session temporary folder will have 30000 temporary files. Imagine how long it is for a computer to find a session_sid from 30000!
Therefore, to improve efficiency.
Transactions are stored in a database. The specific method is as follows:
1. change the php. ini file.
Because php saves session files by default, we need to change it. That is, change "session. save_handler = files" to "User ".
Change the session mode to user-defined.
2. create a database:
Create table 'DB _ session '(
'Sskey' char (32) not null,
'Expiry' int (11) unsigned not null,
'Value' text not null,
Primary key ('sskey ')
) ENGINE = InnoDB default charset = latin1;
[/Code]
Database: db_session
Column name: sesskey, expiry. value: sesskey is the primary key.
The Value contains the Value in the session.
3. create the session_mysql.php file. This file is used to construct a method to save the session. Modify the parameters and use them directly.
Session_mysql.php
PHP code:
The code is as follows:
$ Gb_DBname = "db_myBBS"; // database name
$ Gb_DBuser = "root"; // database user name
$ Gb_DBpass = "23928484"; // database password
$ Gb_DBHOSTname = "localhost"; // host name or IP address
$ SESS_DBH = "";
$ SESS_LIFE = get_cfg_var ("session. gc_maxlifetime"); // obtain the maximum validity period of the session.
Function sess_open ($ save_path, $ session_name ){
Global $ gb_DBHOSTname, $ gb_DBname, $ gb_DBuser, $ gb_DBpass, $ SESS_DBH;
If (! $ SESS_DBH = mysql_pconnect ($ gb_DBHOSTname, $ gb_DBuser, $ gb_DBpass )){
Echo"
MySql Error: ". mysql_error ()."
";
Die ();
}
If (! Mysql_select_db ($ gb_DBname, $ SESS_DBH )){
Echo"
MySql Error: ". mysql_error ()."
";
Die ();
}
Return true;
}
Function sess_close (){
Return true;
}
Function sess_read ($ key ){
Global $ SESS_DBH, $ SESS_LIFE;
$ Qry = "select value from db_session where sesskey = '$ key' and expiry>". time ();
$ Qid = mysql_query ($ qry, $ SESS_DBH );
If (list ($ value) = mysql_fetch_row ($ qid )){
Return $ value;
}
Return false;
}
Function sess_write ($ key, $ val ){
Global $ SESS_DBH, $ SESS_LIFE;
$ Expiry = time () + $ SESS_LIFE;
$ Value = $ val;
$ Qry = "insert into db_session values ('$ key', $ expiry,' $ value ')";
$ Qid = mysql_query ($ qry, $ SESS_DBH );
If (! $ Qid ){
$ Qry = "update db_session set expiry = $ expiry, value = '$ value' where sesskey =' $ key' and expiry>". time ();
$ Qid = mysql_query ($ qry, $ SESS_DBH );
}
Return $ qid;
}
Function sess_destroy ($ key ){
Global $ SESS_DBH;
$ Qry = "delete from db_session where sesskey = '$ key '";
$ Qid = mysql_query ($ qry, $ SESS_DBH );
Return $ qid;
}
Function sess_gc ($ maxlifetime ){
Global $ SESS_DBH;
$ Qry = "delete from db_session where expiry <". time ();
$ Qid = mysql_query ($ qry, $ SESS_DBH );
Return mysql_affected_rows ($ SESS_DBH );
}
Session_module_name ();
Session_set_save_handler ("sess_open", "sess_close", "sess_read", "sess_write", "sess_destroy", "sess_gc ");
?>
4. create a test file.
The created session_mysql.php file must be referenced before use.
Session_test.php
PHP code:
The code is as follows:
Include ("session_mysql.php ");
Session_start ();
$ _ SESSION ['ABC'] = "A: I will be back! ";
$ _ SESSION ['meto'] = "B: Me too ";
$ _ SESSION ['name'] = "louis ";
Echo "click me ";
?>
Get_session_test.php
The code is as follows:
Include ("session_mysql.php ");
Session_start ();
Echo $ _ SESSION ['ABC'];
Echo"
";
Echo $ _ SESSION ['meto'];
Echo"
";
Echo $ _ SESSION ['name'];
$ _ SESSION ['wq'] = "12e ";
Echo"
Click again ";
?>
Get_session_test2.php
The code is as follows:
Include ("session_mysql.php ");
Session_start ();
Echo $ _ SESSION ['ABC'];
Echo"
";
Echo $ _ SESSION ['meto'];
Echo"
";
Echo $ _ SESSION ['name'];
Echo"
";
Echo $ _ SESSION ['wq'];
// Session_destroy (); // The function used to destroy all sessions.
?>
Bytes. Hidden Danger 2: By default, session is saved in the form of a file in php...