PHP5 Session Detailed

Source: Internet
Author: User
Tags php session unique id

The HTTP protocol is the protocol that the Web server communicates with the client (browser), which is a stateless protocol. The so-called stateless, refers to the HTTP request data is not maintained, the HTTP request is independent, non-persistent.

With the development of Web application, we need to save some user state information. So the session should be born with this kind of solution. PHP supports session management from 4.1 onwards.

The session is a very abstract concept. We might as well start with a few traces of it that are closely related to it, and then gradually get to know it.

Session Store

First, why we need a session is because we need to store the state data for each user. So, if you are designing a solution to this need, then perhaps you will set up such a data table to store the status information for each user:

Session
Uid Created Data Lifetime
7v7nehq2rm9vv9p0k5dld7qiu6 1440732307 username=hao890 1440
76q0igm4k18uir5rfflhpkti87 1440732320 username=hao268 1440


UID: User Unique identifier, distinguishing other users

Created: Record generation time

Data: To store user-related information

Lifetime: Valid time for recording

Similarly, the PHP Design management session scenario is roughly the same, and it contains the following information, respectively:

1. Session ID
User session Unique identifier, a randomly generated string of strings, with uniqueness, randomness. It is mainly used to distinguish the session data of other users. When a user accesses a Web page for the first time, the PHP session initialization function call is assigned to the current visiting user with a unique ID, also known as session_id.

2. Session data
We put the user status information that needs to be saved through the session, called the user session data, also known as session data.

3. Session File
PHP defaults to storing session data in a single file. We refer to the file that holds the session data as the session file. It is set by a special php.ini Session.save_path specify the session file storage path, CentOS5.3 operating system, PHP5.1 by default in the/var/lib/php/session directory. The name of the user session file is prefixed with Sess_, named after session_id, for example, session ID is VP8LFQNSKJVSIILCP1C4L484D3, then the session filename is Sess_ Vp8lfqnskjvsiilcp1c4l484d3

4. Session Lifetime
We start the initialization session until we unregister the session, which is called the session life cycle, which helps us understand the session management function.

From this, we can see: When each user accesses the Web, the session initialization function of PHP assigns a unique session ID to the current visiting user. And at the end of the session life cycle, the session data generated by the user during this period is persisted to the session file. When the user accesses again, the session initialization function will read the session data from the session file and start the new session life cycle.

PHP.ini settings related to session storage

1. Session.save_handler = File
The way to read/write back session data, by default, files. It allows the session management function of PHP to store session data using the specified text file

2. Session.save_path = "/var/lib/php/session"
Specifies the directory where the session file is saved, can be specified to another directory, but the specified directory must have the httpd daemon owner (such as Apache or WWW, etc.) write permission, or cannot save the session data. When the specified directory does not exist, the PHP session environment initialization function will not help you create the specified directory, so you need to manually build the specified directory.
It can also be written like this session.save_path = "N;/path" where N is an integer. This allows not all session files to be stored in the same directory, but scattered in different directories. This is useful for servers that handle a large number of session files. (Note: Directories need to be created manually)

3. Session.auto_start = 0
If this option is enabled, the session will be initialized for each request of the user. We recommend that you do not enable this setting, preferably through the session_start () display to initialize the session.

Session Sync Data

Once the Session_Start () initialization session is called, it means that a session life cycle is started. It is announced that you can use the correlation function to manipulate $_session to manage session data. The data generated during the session life cycle is not written to the session file in real time, but is sent to memory via $_session variables. So, when will the data that is present in memory be written to the session file? This is also the main test content of our section.

Before testing, let's introduce several PHP functions, or events that affect session data

1. Session_Start ()
The function Session_Start initializes the session and also identifies the beginning of the session life cycle. To use the session, you must initialize a session environment. A bit similar to the OOP concept of calling a constructor construct to create an object instance.
Session initialization operation, declares a global array $_session, maps the session data that is present in memory. If the session file already exists and the session data is saved, session_start () reads the session data, fills in the $_session, and begins a new session life cycle.

2. $_session
It is a global variable, and the type is an array, which maps the session data of the session life cycle, which is in memory. When the session is initialized, the data is read from the session file and filled into the variable. At the end of the session life cycle, write the $_session data back to the session file.

3. Session_register ()
During the session life cycle, the global variable name is used to register the global variable with the current session. The so-called registration, is to fill the variable into the $_session, the value is null. It does not perform any IO operations on the session file, but only affects the $_session variable. Note that the correct wording of this is session_register (' varname '), not Session_register ($varname)

4. Session_unregister ()
Contrary to the session_register operation, the specified variable is unregistered from the current session during the session life cycle. Also affects $_session only, and does not perform any IO operations.

5. Session_unset ()
In the session life cycle, unregister all session data from the current session and let $_session become an empty array. It differs from unset ($_session) in that unset deletes the $_session variable directly, freeing the memory resource, and the other difference is that session_unset () can manipulate the $_session array only during the SESSION life cycle, and unset () The $_session array can be manipulated throughout the page life cycle. Session_unset () also does not perform any IO operations, affecting only the $_session array.

6. Session_destroy ()
If you say Session_Start () Initializes a session, it unregisters a session. means that the session life cycle is over. After the session life cycle is complete, session_register, Session_unset, Session_register will not be able to manipulate the $_session array, and the $_session array can still be manipulated by functions such as unset (). At this point, the session means undefined, and $_session is still a global variable, and they are out of the mapping relationship.
Logging out of the session via Session_destroy (), in addition to ending the session life cycle, will also delete the Sesion file, but will not affect the current $_session variable. That is, it generates an IO operation.

7. SESSION_REGENERATE_ID ()
Calling it will reassign a new session ID to the current user. And at the end of the current page life cycle, the current session data is written to the session file. The premise is that the current session life cycle is not terminated until this function is called (refer to 9th). It generates an IO operation, creates a new session file, creates a new session file, and creates a new session file immediately before the end of the session, rather than calling this function.

8. Session_commit ()
The Session_commit () function is an alias for the Session_write_close () function. It will end the life cycle of the current session and will immediately force the session data to be written to the session file. It is not recommended to manually write session data via Session_commit () because PHP automatically ends the session life cycle that is not currently terminated at the end of the page life cycle. It generates an IO write operation

9. End Session
The end session, by default, is the end of the page life cycle, and PHP automatically ends the session that is not currently terminated. However, you can also end the session early with Session_commit () and Session_destroy () two functions. Either way, ending the session will result in an IO operation that is different. By default, an IO write operation is generated to write the current session data back to the session file. Session_commit () invokes the function at the moment, generating an IO write operation to write the session data back to the session file. Unlike Session_destroy (), it does not write data back to the session file, but instead deletes the current session file directly. Interestingly, neither session_commit () or Session_destroy () will not empty the $_session array, nor will it delete the $_session array, except that all session_* functions can no longer manipulate session data. Because the current session life cycle is terminated, you cannot manipulate an undefined object.

PHP5 Session Detailed

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.