This article mainly introduces the PHP Session mechanism and its usage. For more information, see
When the server creates a session with session_start(), it creates a session file named after the session ID in a designated folder on the server and sends the session ID to the browser as a cookie value. On each later request the browser sends that cookie, and the server uses the session ID in it to find the corresponding session file. This file contains a set of key-value pairs. The folder where session files are stored can be changed in the configuration file php.ini.
A cookie has to be verified on every page request. If the user information is stored in the database, a database query runs on every request, which puts extra load on the database. A cookie can also be modified by the client, so its security is low.
A session is stored on the server. It is relatively secure and does not have the storage size limit that a cookie has. The session is stored on the server as a text file, so the client cannot modify its content. In addition, PHP automatically sets the permissions of the session file on the server so that only system read and write permissions are retained, and the file cannot be modified through FTP, which is much safer.
With a cookie, if we want to verify whether the user is logged in, we must save the user name and password (possibly as an MD5-hashed string) in the cookie and verify them on every page request.
If the user name and password are stored in the database, a database query runs on every request, which puts extra load on the database. We cannot get away with verifying only once. Why?
Because the information in the client's cookie can be modified. Suppose you store an $admin variable to indicate whether the user has logged in: true means logged in and false means not logged in. After the first verification passes, $admin = true is stored in the cookie, so no verification is required next time. Is this correct? No. If someone forges an $admin variable with the value true, they immediately obtain administrator privileges. This is very insecure.
A session is different. The session is stored on the server, and remote users cannot modify the content of the session file. Therefore we can simply store an $admin variable in it to record the login state: after the first verification passes, set $admin to true, and on later requests check whether the value is true. If it is not, redirect to the login page. This saves a lot of database operations.
In addition, sessions reduce the risk that comes from sending the password on every request for cookie verification: with a session, the password only has to be transmitted once. This matters if you do not use the SSL security protocol, because even a password hashed with MD5 is easily intercepted.
PHP creates a unique session ID for each visitor for whom a session has been started, and uses it to identify the user. The session ID may be stored in a cookie on the user's computer or transmitted through the URL. The session values themselves are stored on the server, which is the main difference from cookies, and this makes sessions relatively secure.
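The session-based login check described above, as an added example that is not part of the original article: the password is verified once and only the result is kept in $_SESSION. The user store, the password and /login.php are constructed placeholders, and the cookie-only settings and the session_regenerate_id() call are hardening added by this example so that a session ID supplied through the URL is never carried into the logged-in state (PHP 7.4 or later assumed).

```php
<?php
// Added example, not from the original article; the account is constructed.
declare(strict_types=1);

// Constructed user store standing in for the one database lookup at login.
function find_user(string $name): ?array
{
    static $users = null;
    $users ??= ['nostop' => [
        'hash'  => password_hash('constructed-password', PASSWORD_DEFAULT),
        'admin' => true,
    ]];
    return $users[$name] ?? null;
}

function start_session(): void
{
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never read the ID from the URL
    session_set_cookie_params([
        'path' => '/', 'httponly' => true, 'samesite' => 'Lax',
        'secure' => !empty($_SERVER['HTTPS']),
    ]);
    session_start();
}

function login(string $name, string $password): bool
{
    $user = find_user($name);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);            // new ID once privileges change
    $_SESSION['username'] = $name;
    $_SESSION['admin']    = $user['admin']; // kept server-side, not in a cookie
    return true;
}

start_session();
$name = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';
if (is_string($name) && is_string($pass) && $name !== '') {
    login($name, $pass);
}
if (($_SESSION['admin'] ?? false) !== true) {
    header('Location: /login.php');         // hypothetical login page
    exit;
}
echo 'Welcome, ' . htmlspecialchars($_SESSION['username']);
```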
Create a session
To create a session or resume an existing one, you must first call the session_start() function. The system will assign a session ID:
<?php
// Called without arguments here; returns true on success.
// Call it first, before any output is sent, otherwise PHP raises a warning.
session_start();
?>
Register session Variables
Use the session_register() function to register a session variable. If registration succeeds, TRUE is returned. Otherwise, FALSE is returned. Note that session_register(), session_unregister() and session_is_registered() were deprecated in PHP 5.3.0 and removed in PHP 5.4.0; on current versions, assign to $_SESSION directly.
Syntax: bool session_register (mixed name [, mixed...])
You can use the session_register() function to register one or more global variables with the current session. The parameter name is the name of the variable to be added. If registration succeeds, the logical value true is returned. You can use $_SESSION[name] or $HTTP_SESSION_VARS[name] to read or assign values.
Example:
<?php
session_start();
$username = "nostop";
session_register("username"); // register $username as a session variable
?>
In this example, we registered a variable named username with the value of nostop to the session.
Read session
PHP's built-in $_SESSION variable allows you to easily access the session variables that have been set.
Example:
<?php
session_start();
echo "the user name for registration is:" . $_SESSION["username"];
// prints: the user name for registration is: nostop
?>
Destroy session
session_unregister(): cancels a single session variable
unset($_SESSION['age']): cancels a session variable registered as $_SESSION['age']
session_unset(): deletes all registered variables
session_destroy(): cancels all session variables and cancels the entire session
Example:
<?php
session_start();
session_unregister("username"); // cancel a single session variable
session_unset();                // delete all registered session variables
?>
Check whether the variable is registered as a session variable
session_is_registered
Syntax: boolean session_is_registered (string name);
This function can check whether the specified variable has been registered in the current session. The parameter name is the name of the variable to be checked. If the call succeeds, the logical value true is returned.
Example:
<?php
session_start();
if (!session_is_registered("gender")) { // check whether the variable is already registered
    session_register("gender");         // register the variable
}
$gender = "female";
echo $_SESSION['gender']; // female
?>
Access the current session name
session_name
Syntax: string session_name ([string name]);
This function can get or reset the name of the current session. If the parameter name is not set, the current session name is obtained. If the parameter is added, the session name is set to the parameter name.
Example:
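<?php
$sessionName = session_name();     // get the current session name; the default is PHPSESSID
$sessionID = $_GET[$sessionName];  // get the session ID passed in the URL
// session_id() must be called before session_start() to take effect.
// An ID taken from the URL is chosen by whoever built the link, so call
// session_regenerate_id() after login if the application accepts IDs this way.
session_id($sessionID);            // use session_id() to set the obtained session ID
?>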
Access the current session ID
session_id
Syntax: string session_id ([string id]);
This function can obtain or reset the ID number of the currently stored session. If there is no parameter id, only the id of the current session is obtained. If the parameter is added, the id of the session is set to the newly specified id.
Set the Session lifetime
setcookie(): sends an HTTP cookie to the client.
<?php
session_start();
// keep the session cookie for one day
$lifeTime = 24 * 3600;
setcookie(session_name(), session_id(), time() + $lifeTime, "/");
?>
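An added example, not from the original article, that covers both the "Destroy session" and "Set the Session lifetime" sections. The cookie expiry above only tells the browser when to drop the cookie, so this version also raises session.gc_maxlifetime (1440 seconds by default), enforces the one-day limit on the server with a timestamp, and tears the session down completely when it has expired. The last_seen key and /login.php are names assumed for the example (PHP 7.3 or later for the option arrays).

```php
<?php
// Added example, not from the original article.
declare(strict_types=1);

const LIFETIME = 24 * 3600; // one day, as in the article's example

// Full teardown: clear the data, expire the browser cookie, delete the file.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires' => time() - 3600, 'path' => $p['path'],
            'domain'  => $p['domain'],  'secure' => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }
    session_destroy();
}

// Expiry rule kept separate from the request handling so it can be tested.
function is_expired(?int $lastSeen, int $now, int $lifetime = LIFETIME): bool
{
    return $lastSeen !== null && ($now - $lastSeen) > $lifetime;
}

// Keep the server-side data at least as long as the cookie lives.
ini_set('session.gc_maxlifetime', (string) LIFETIME);
session_set_cookie_params([
    'lifetime' => LIFETIME, 'path' => '/',
    'httponly' => true, 'samesite' => 'Lax',
]);
session_start();

// 'last_seen' is a key chosen for this example.
if (is_expired($_SESSION['last_seen'] ?? null, time())) {
    end_session();
    header('Location: /login.php'); // hypothetical login page
    exit;
}
$_SESSION['last_seen'] = time();
```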