Session Mechanism Analysis

$ _ Session is regarded as an array stored on the server. Every variable we register is an array key and there is no difference between using an array.

If you want to log out of the system, you can destroy the session.

? PHP

Session_start ();

// This method destroys a previously registered variable.

Unset ($ _ session ["admin"]);

// This method destroys the entire session file.

Session_destroy ();

 

Can a session set a life cycle like a cookie? Does a session completely discard a cookie? I 'd like to say that it is most convenient to use the session with cookies.

How does a session determine a client user? What is session ID determined by session ID? The session ID is the name of the session file. The session ID is randomly generated. Therefore, the uniqueness and randomness can be ensured. session Security. Generally, if the session life cycle is not set, the session ID is stored in the memory. After the browser is closed, the ID is automatically deregistered and re-requested to the page, and a session ID is re-registered.

If the client does not disable the cookie, the cookie plays the role of storing the session ID and session lifetime when starting the session.

Let's manually set the session lifetime.

? PHP

Session_start ();

// Save for one day

$ Lifetime = 24*3600;

Setcookie (session_name (), session_id (), time () + $ lifetime ,"/");

?

In fact, the session also provides a function session_set_cookie_params (); To set the session lifetime, this function must be called before the session_start () function is called.

? PHP

// Save for one day

$ Lifetime = 24*3600;

Session_set_cookie_params ($ lifetime );

Session_start ();

$ _ Session ["admin"] = true;

?

If the client uses IE 6.0 session_set_cookie_params (); the cookie setting function may cause some problems. Therefore, we need to manually call the setcookie function to create a cookie.

Assuming that the client disables cookies, there is no way to make all life cycles a browser process. If you close the browser and request the page again, you have to re-register the session. So how to pass the session ID through the URL or by hiding the form to pass PHP will automatically send the session ID to the URL on the URL-like http://www.openphp.cn/index.php? PHPSESSID = bba5b2a240a77e5b44cfa01d49cf9669 among them, the PHPSESSID parameter in the URL is the session ID. We can use $ _ get to obtain this value so that the session ID can be transmitted between pages.

? PHP

// Save for one day

$ Lifetime = 24*3600;

// Obtain the current session name. The default value is PHPSESSID.

$ Sessionname = session_name ();

// Obtain the session ID

$ Sessionid = $ _ Get [$ sessionname];

// Use session_id () to set the session ID

Session_id ($ sessionid );

Session_set_cookie_params ($ lifetime );

Session_start ();

$ _ Session ["admin"] = true;

?

For the VM, if all users' sessions are saved in the temporary folder of the system, maintenance is difficult and security is reduced. We can manually set the session file storage path session_save_path () this feature is provided. We can direct the session directory to a folder that cannot be accessed through the web. Of course, this folder must have the read/write attribute.

? PHP

// Set a storage directory

$ Savepath = "./session_save_dir /";

// Save for one day

$ Lifetime = 24*3600;

Session_save_path ($ savepath );

Session_set_cookie_params ($ lifetime );

Session_start ();

$ _ Session ["admin"] = true;

?

The same as session_set_cookie_params (); The session_save_path () function must also be called before the session_start () function call.

We can also store the array objects in the session. There is no difference between an Operation Array and an operation common variable. If an object is saved, PHP will automatically serialize the object and save it in session. The following example illustrates this point.

? PHP

Class person

{

VaR $ age;

Function output (){

Echo $ this-age;

}

Function setage ($ age ){

$ This-age = $ age;

}

}

?

Setage. php

? PHP

Session_start ();

Require_once "person. php ";

$ Person = new person ();

$ Person-setage (21 );

$ _ Session ['person '] = $ person;

Echo "a href = 'HTTP: // blog.163.com/fantasy_lxh/blog/output'check here to output age/";

?

Output. php

?

// Set the callback function to ensure that the object is rebuilt.

Ini_set ('unserialize _ callback_func ', 'mycallback ');

Function mycallback ($ classname ){

$ Classname. ". php ";

}

Session_start ();

$ Person = $ _ session ["person"];

// Output 21

$ Person-output ();

?

When we execute setage. in the PHP file, the setage () method is called to set the age to 21, serialize the status, and save it in the session. php will automatically complete this conversion when it is switched to output. to output this value after PHP, We must deserialize the saved object. Because an undefined class needs to be instantiated during deserialization, we have defined that the callback function will automatically include the person. therefore, the object is restructured and the current age value is 21. Then, the output () method is called to output the value.

In addition, you can use the session_set_save_handler function to customize the session call method.

Session Mechanism Analysis