Session and PHP session_start()

Source: Internet
Author: User
Tags: session id

Official manual: http://www.php.net/session_start

A session on the Web refers to the period of time a user spends browsing a website, from entering the site until the browser is closed. From this definition, a session is a concept tied to a specific span of time. Note that a session involves a specific client, a specific server, and an uninterrupted period of activity. The session established between user A and server C and the session established between user B and server C are two different sessions.

How the session works

(1) When a session is first enabled, a unique identifier is stored in a local cookie.
(2) The session_start() function is called first, and PHP loads the stored session variables from the session repository.
(3) While the PHP script executes, session variables are registered with the session_register() function. (session_register() was deprecated in PHP 5.3 and removed in PHP 5.4; current code assigns to $_SESSION instead.)
(4) When the PHP script finishes, session variables that have not been destroyed are automatically saved in the session repository under a local path, which is specified by session.save_path in php.ini, and they are loaded the next time a page is browsed.

The session is stored on the server side. By default, php.ini saves sessions in files (session.save_handler = files): session data is read from and written to a file, the directory holding the files is specified by session.save_path, and the filename is sess_ followed by the session ID, for example sess_c72665af28a8b14c0fe11afe3b59b51b. The data in the file is the serialized session data. If traffic is heavy, a large number of session files may be produced. In that case a hierarchical directory structure can be configured for the session files, which improves efficiency considerably. The setting is session.save_path = "N;/save_path", where N is the number of directory levels and /save_path is the starting directory.
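
The storage layout described above, as an added example that is not part of the original page: it writes one session with the files handler, prints the raw serialized file and its permission bits, and computes where the same ID would live under an "N;/save_path" setting. The demo directory and the stored values are constructed, and session_file_path() is a hypothetical helper written for this example.

```php
<?php
// Added example, not from the original page. The demo directory and the
// stored values are constructed; the session ID is the one quoted above.

// Path used by the "files" handler; $savePath is "/dir" or "N;/dir".
function session_file_path(string $savePath, string $id): string
{
    $fields = explode(';', $savePath);
    $dir    = rtrim(array_pop($fields), '/');   // last field: the directory
    $depth  = $fields ? (int) $fields[0] : 0;   // first field: N levels
    if (strlen($id) <= $depth) {
        throw new InvalidArgumentException('session ID shorter than N');
    }
    for ($i = 0; $i < $depth; $i++) {
        $dir .= '/' . $id[$i];   // one directory level per leading ID character
    }
    return $dir . '/sess_' . $id;
}

// Write one session into a private, constructed directory.
$dir = sys_get_temp_dir() . '/sess_demo_' . getmypid();
mkdir($dir, 0700);
session_save_path($dir);
session_id('c72665af28a8b14c0fe11afe3b59b51b');
session_start();
$id = session_id();
$_SESSION['name']  = 'Caocao';
$_SESSION['admin'] = true;
session_write_close();           // serializes $_SESSION into the file

// Output is produced only after the session calls, so no headers are sent early.
$file = session_file_path($dir, $id);
echo "flat layout:    $file\n";
echo "raw contents:   ", file_get_contents($file), "\n";
printf("permissions:    %o\n", fileperms($file) & 0777);
echo "2-level layout: ", session_file_path('2;/save_path', $id), "\n";

unlink($file);
rmdir($dir);
```

With an "N;" prefix PHP does not create the subdirectories itself; they have to exist before sessions are written.
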

When session data is written, PHP obtains the client's session ID, looks in the session save directory for the corresponding session file, creates the file if it does not exist, and finally serializes the data and writes it to the file. Reading session data follows a similar flow: the data that is read has to be deserialized to generate the corresponding session variables.

Session and cookie in PHP

In PHP development, compared to a cookie, a session is stored on the server side, is relatively safe, and does not have the storage length limit that a cookie has. This article briefly introduces the use of the session.

Since the session is stored as a text file on the server side, there is no risk of the client modifying the session content. In fact, PHP automatically sets the permissions of the session files on the server so that only the system has read and write access, and they cannot be modified over FTP, so this is much more secure.

With a cookie, to verify that the user is logged in we must save the user name and password in the cookie (possibly as an MD5-hashed string) and verify them each time a page is requested. If the user name and password are stored in the database, a database query is executed on every request, which puts an unnecessary burden on the database. We cannot verify just once. Why? Because the information in the client's cookie can be modified. Suppose you store a $admin variable to indicate whether the user is logged in: true means logged in, false means not logged in. After the first verification passes, $admin = true is stored in the cookie, and the next request is not verified. Is that right? No: if someone forges a $admin variable with the value true, do they not immediately gain administrative privileges? That is very unsafe.

The session is different. It is stored on the server side and a remote user cannot modify the contents of the session file, so we can simply store a $admin variable to decide whether the user is logged in. After the first verification passes, $admin is set to true; later requests check whether the value is true and, if it is not, send the user to the login page. This reduces the number of database operations. It also reduces the insecurity of passing the password every time a cookie is validated (with session validation the password needs to be passed only once, if you are not using the SSL security protocol). Even if the password is MD5-hashed, it is easily intercepted.

Of course, the session has many other advantages, such as being easy to control and allowing user-defined storage (for example, storing it in a database). I'm not going to say much here.

session_start(), one of the session functions, must be called before $_SESSION is used. $_SESSION is like a server-side cookie: a large array whose data can be used at any time (unless it is reassigned) until the browser closes or the session is destroyed. $_SESSION behaves like an array: $_SESSION['name'] = 'Caocao' is analogous to adding an element to an array, equivalent to $_SESSION = array("name" => "Caocao"), and $_SESSION['name'] then returns 'Caocao'.

session_start();
Tells the server to use the session. Generally speaking, PHP does not start a session on its own.
However, you can set session.auto_start = 1 in php.ini so that a session is started automatically for each request.
After session_start() is called, or the session is started automatically,
the server identifies the $_SESSION array that corresponds to the session ID from the cookie in the request header or the PHPSESSID in the URL. session_start() is not called directly in ThinkPHP because ThinkPHP encapsulates it and validates it carefully.
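
The cookie flag and the session flag discussed above, side by side, as an added example that is not part of the original page. The user store, the credentials, the 'admin' key and the function names are constructed for illustration; the session_start() options shown are an added hardening choice, including refusing a PHPSESSID passed in the URL.

```php
<?php
// Added example, not from the original page. The user store, credentials and
// the 'admin' key are constructed for illustration.
session_save_path(sys_get_temp_dir());

// Stand-in for the database check that runs once, at login.
function verify_login(string $user, string $pass): bool
{
    static $users = null;
    $users ??= ['caocao' => password_hash('demo-password', PASSWORD_DEFAULT)];
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

// Unsafe: the flag is read from a cookie, which the client can set freely.
function is_admin_from_cookie(array $cookies): bool
{
    return ($cookies['admin'] ?? '') === 'true';
}

// Safer: the flag is kept in server-side session data; the client holds only the ID.
function login(string $user, string $pass): bool
{
    if (!verify_login($user, $pass)) {
        return false;
    }
    session_regenerate_id(true);   // issue a fresh ID when privileges change
    $_SESSION['admin'] = true;
    return true;
}

function is_admin_from_session(): bool
{
    return ($_SESSION['admin'] ?? false) === true;
}

session_start([
    'use_only_cookies' => 1,   // do not accept PHPSESSID from the URL
    'use_strict_mode'  => 1,   // reject session IDs the server did not issue
    'cookie_httponly'  => 1,   // keep the ID away from page scripts
    'cookie_secure'    => 1,   // send the ID over HTTPS only
]);

// Results are collected first and printed last, after all session calls.
$results = [
    'cookie flag accepts client-set value' => is_admin_from_cookie(['admin' => 'true']),
    'session flag before login'            => is_admin_from_session(),
    'login with wrong password'            => login('caocao', 'wrong'),
    'login with correct password'          => login('caocao', 'demo-password'),
    'session flag after login'             => is_admin_from_session(),
];
var_export($results);
session_destroy();                 // remove the demo session file
```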
