Phpsession working principle analysis

Session is a global variable of the server. Why can it switch between different pages without losing data or saving the data on the client? let's take a look at the working principle and usage of the session. As we all know, http is a stateless protocol, simple...

Session is a global variable of the server. Why can it switch between different pages without losing data or saving the data on the client? let's take a look at the working principle and usage of the session.

As we all know, http is a stateless protocol. Simply put, the web server does not know who is connected to it. to meet the needs of selective information sending, many extensions have been made based on http to achieve this goal, such as digital signatures, cookies, and sessions.
How can a web server or web program know who is connected now? To solve this problem, we first need to establish a one-to-one correspondence between the server and the client. below I will capture the http content to illustrate how this correspondence is established.
I am using an http packet sniffing tool called httplook, and then create a test under the root directory of the local web server. php file address: http: // localhost/test. php. after everything is ready, I open this page repeatedly through the browser.

The code is as follows:
Session_start (); If (isset ($ _ SESSION ['test _ sess']) { $ _ SESSION ['test _ sess'] ++; } Else { $ _ SESSION ['test _ sess'] = 0; } Echo $ _ SESSION ['test _ sess']; ?>;

The information sent to the server and the information returned from the server are as follows:
Reference: The original post is published by "first request server:

The code is as follows:
GET/test. php HTTP/1.1 Accept :*/* Referer: http: // localhost/ Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon;. net clr 1.1.4322) Host: localhost Connection: Keep-Alive

Reference: The original post is published by "the first time the server returns:

The code is as follows:

HTTP/1.1 200 OK Date: Fri, 26 Aug 2005 07:44:22 GMT Server: Apache/2.0.54 (Win32) SVN/1.2.1 PHP/5.0.4 DAV/2 X-Powered-By: PHP/5.0.4 Set-Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3; path =/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check = 0, pre-check = 0 Pragma: no-cache Content-Length: 1 Keep-Alive: timeout = 15, max = 99 Connection: Keep-Alive Content-Type: text/html; charset = utf-8 Content-Language: Off

Reference: The original post is published by "second request server:

The code is as follows:
GET/test. php HTTP/1.1 Accept :*/* Referer: http: // localhost/ Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon;. net clr 1.1.4322) Host: localhost Connection: Keep-Alive Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3

Reference: The original post is published by "second server return:

The code is as follows:

HTTP/1.1 200 OK Date: Fri, 26 Aug 2005 07:44:23 GMT Server: Apache/2.0.54 (Win32) SVN/1.2.1 PHP/5.0.4 DAV/2 X-Powered-By: PHP/5.0.4 Set-Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3; path =/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check = 0, pre-check = 0 Pragma: no-cache Content-Length: 1 Keep-Alive: timeout = 15, max = 98 Connection: Keep-Alive Content-Type: text/html; charset = utf-8 Content-Language: Off

By carefully comparing these outputs, the second request is more than the first request:
Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3
This header will send a cookie to the server, telling the server that there is a cookie named PHPSESSID with the content bmmc3mfc94ncdr15ujitjogma3.
How does this cookie come from? The information returned by the first server includes:
Set-Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3; path =/
This is a cookie written by the server to the client browser. The name is PHPSESSID and the value is bmmc3mfc94ncdr15ujitjogma3. The value is actually the so-called session_id.
The second request sent to the server still sends the PHPSESSID cookie to the server.

Next let's take a look at session usage.

Session usage in php
The session in PHP uses the client Cookie by default. When the client's Cookie is disabled, it is automatically passed through Query_String.
Php processes a total of 11 session functions. we will introduce several functions in detail.
1. session_start
Function: start a session or return an existing session.
Function prototype: boolean session_start (void );
Return value: Boolean
Function description: This function has no parameters and returns true. It is best to place this function first, and there cannot be any output before it, otherwise an alarm will be triggered, such as: Warning: cannot send session cache limiter-headers already sent (output started at/usr/local/apache/htdocs/cga/member/1.php: 2) in/usr/local/apache/htdocs/cga/member/1.php on line 3
2. session_register
Function: registers a new variable as a session variable.
Function prototype: boolean session_register (string name );
Return value: Boolean value.
Function description: This function adds a variable to the current SESSION in the global variable. the parameter name is the name of the variable to be added. if it succeeds, the logical value true is returned. You can use $ _ SESSION [name] or $ HTTP_SESSION_VARS [name] to set values or assign values.

3. session_is_registered
Function: checks whether a variable is registered as a session variable.
Function prototype: boobean session_is_registered (string name );
Return value: Boolean
Function description: This function checks whether a specified variable has been registered in the current session. the parameter name is the name of the variable to be checked. If the call succeeds, the logical value true is returned.