Session is a global variable of the server. Why can it switch between different pages without losing data or saving data on the client? let's take a look at the working principle of session and
Session is a global variable of the server. Why can it switch between different pages without losing data or saving the data on the client? let's take a look at the working principle and usage of the session.
As we all know, http is a stateless protocol. Simply put, the web server does not know who is connected to it. to meet the needs of selective information sending, many extensions have been made based on http to achieve this goal, such as digital signatures, cookies, and sessions.
How can a web server or web program know who is connected now? To solve this problem, we first need to establish a one-to-one correspondence between the server and the client. below I will capture the http content to illustrate how this correspondence is established.
I am using an http packet sniffing tool called httplook, and then create a test under the root directory of the local web server. php file address: http: // localhost/test. php. after everything is ready, I open this page repeatedly through a browser. the code is as follows:
-
- Session_start ();
- If (isset ($ _ SESSION ['test _ sess']) {
- $ _ SESSION ['test _ sess'] ++;
- } Else {
- $ _ SESSION ['test _ sess'] = 0;
- }
- Echo $ _ SESSION ['test _ sess'];
- ?>;
The following are the information sent to the server and the information returned by the server.
Reference: The original post is published by "first request server,The code is as follows:
- GET/test. php HTTP/1.1
- Accept :*/*
- Referer: http: // localhost/
- Accept-Language: zh-cn
- Accept-Encoding: gzip, deflate
- User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon;. net clr 1.1.4322)
- Host: localhost
- Connection: Keep-Alive
Reference: The original post is published by "the first time the server returns". the code is as follows:
- HTTP/1.1 200 OK
- Date: Fri, 26 Aug 2005 07:44:22 GMT
- Server: Apache/2.0.54 (Win32) SVN/1.2.1 PHP/5.0.4 DAV/2
- X-Powered-By: PHP/5.0.4
- Set-Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3; path =/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check = 0, pre-check = 0
- Pragma: no-cache
- Content-Length: 1
- Keep-Alive: timeout = 15, max = 99
- Connection: Keep-Alive
- Content-Type: text/html; charset = utf-8
- Content-Language: Off
Reference: The original post is published by "second request server". the code is as follows:
- GET/test. php HTTP/1.1
- Accept :*/*
- Referer: http: // localhost/
- Accept-Language: zh-cn
- Accept-Encoding: gzip, deflate
- User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon;. net clr 1.1.4322)
- Host: localhost
- Connection: Keep-Alive
- Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3
Reference: The original post is published by "second server return". the code is as follows:
- HTTP/1.1 200 OK
- Date: Fri, 26 Aug 2005 07:44:23 GMT
- Server: Apache/2.0.54 (Win32) SVN/1.2.1 PHP/5.0.4 DAV/2
- X-Powered-By: PHP/5.0.4
- Set-Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3; path =/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check = 0, pre-check = 0
- Pragma: no-cache
- Content-Length: 1
- Keep-Alive: timeout = 15, max = 98
- Connection: Keep-Alive
- Content-Type: text/html; charset = utf-8
- Content-Language: Off
By carefully comparing these outputs, the second request is more than the first request:
Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3
This header will send a cookie to the server, telling the server that there is a cookie named PHPSESSID with the content bmmc3mfc94ncdr15ujitjogma3.
How does this cookie come from? The information returned by the first server includes:
Set-Cookie: PHPSESSID = bmmc3mfc94ncdr15ujitjogma3; path =/
This is a cookie written by the server to the client browser. The name is PHPSESSID and the value is bmmc3mfc94ncdr15ujitjogma3. The value is actually the so-called session_id.
The second request sent to the server still sends the PHPSESSID cookie to the server.
Next let's take a look at session usage.
Session usage in php: the session in PHP uses the client Cookie by default. when the client Cookie is disabled, it is automatically passed through Query_String.
Php processes a total of 11 session functions. we will introduce several functions in detail.
1. session_start
Function: start a session or return an existing session.
Function prototype: boolean session_start (void );
Return value: Boolean
Function description: This function has no parameters and returns true. It is best to place this function first, and there cannot be any output before it, otherwise an alarm will be triggered, such as: Warning: cannot send session cache limiter-headers already sent (output started at/usr/local/apache/htdocs/cga/member/1.php: 2) in/usr/local/apache/htdocs/cga/member/1.php on line 3
2. session_register
Function: registers a new variable as a session variable.
Function prototype: boolean session_register (string name );
Return value: Boolean value.
Function description: This function adds a variable to the current SESSION in the global variable. the parameter name is the name of the variable to be added. if it succeeds, the logical value true is returned, you can use $ _ SESSION [name] or $ HTTP_SESSION_VARS [name] to set values or assign values.
3. session_is_registered
Function: checks whether a variable is registered as a session variable.
Function prototype: boobean session_is_registered (string name );
Return value: Boolean
Function description: This function checks whether a specified variable has been registered in the current session. the parameter name is the name of the variable to be checked. If the call succeeds, the logical value true is returned.
4. session_unregister
Function: Delete a registered variable.
Function prototype: boolean session_session_unregister (string name );
Return value: Boolean
Function description: This function deletes the variables in the global variables in the current session. The parameter name is the name of the variable to be deleted. if it is successful, true is returned.
5. Session_destroy
Function: ends the current session and clears all resources in the session.
Function prototype: boolean session destroy (void );
Return value: Boolean value.
Function description: This function ends the current session. this function has no parameters and returns true.
The functions described above will be used in the following sections, but there are also some functions related to the session:
6. session_encode
Function: sesssion information encoding
Function prototype: string session_encode (void );
Return value: string
Function description: the returned string contains the names and values of each variable in the global variable, in the form of a | s: 12: "it is a test"; c | s: 4: "lala"; a is the variable name s: 12 represents the value of variable a "it is a test the length is 12 variables are separated by semicolons.
7. session_decode
Function: decodes sesssion information.
Function prototype: boolean session_decode (string data)
Return value: Boolean
Function description: This function decodes session information. if the session information is successful, the logical value true is returned.
8. session_name
Function: Access the current session name.
Function prototype: boolean session_name (string [name]);
Return value: string
Function description: This function can obtain or reset the name of the current session. If the parameter name is not set, the current session name is obtained. if the parameter is added, the session name is set to the parameter name.
9. session_id
Function: Access the ID of the current session.
Function prototype: boolean session_id (string [id]);
Return value: string
Function description: This function can obtain or reset the ID number of the currently stored session. If no parameter id is specified, only the id of the current session is obtained. if a parameter is added, the id of the session is set to the new id.
10. session_unset
Function: delete all registered variables.
Function prototype: void session_unset (void)
Return value: Boolean
Function description: Unlike Session_destroy, this function does not end a session. Just like using the session_unregister function to cancel all session variables one by one
The following conclusions can be obtained:
1. if session is used, the session will be sent to the client browser through cookie.
2. each time a request is sent to the server, the local browser attaches the cookie to the request information.