[Session] PHP session mechanism, configuration and advanced applications

---------------------------------------------------------------------------------------------------------

A. The session Principle of PHP:

1. Open Session_Start (), the server side produces session file, the relevant information stored in this file, the file is "Sess_" prefix, the connection session_id () value to name (the content is generated by the specific algorithm of the user's plaintext information, Large projects are encrypted), while SessionID is retained in the client browser's cookie.

2. Second Open session_start (), the browser to determine whether there is sessionid in the cookie, if any, no longer create the file, but directly use this SessionID access to the server, through the SessionID to find the corresponding session file, The contents of the read session are stored in the $_session array.

Note: You cannot have any output before session_start (), this function sends a session_id to the client to be saved in the cookie.

[email protected] Black eyed poet <www.chenwei.ws>-------------------------------------

Two. The PHP mechanism uses the session:

1. Open session

Session_Start ();

2. Access session

$_session[' uname '] = ' chenwei ';

3. Destroy session

unset ($_session[' uname '); Delete the variables stored in memory by the session array; $_session = Array () Clear all Session variables

Setcookie (Session_name (), ", Time ()-1, '/'); Delete the SessionID in the client cookie, Session_name () default is PHPSESSID

Session_destory (); Destroying server-side session files

Three. Session configuration options for PHP

The most direct way to view the session configuration is phpinfo (); Then configure the session options in the/usr/local/php/etc/php.ini file as needed, in fact, the default is generally possible.

Configuration options that you can consider changing are:

Session.cookie_lifetime = 0; Set the cookie save time (in seconds), which is equivalent to the session expiration time, 0 means until the browser restarts

Session.save_handler = files; The way to save and retrieve data, default to file; Involves a storage mechanism that does not extend here

Of course, you can not modify the configuration file, using System functions to achieve the same effect:

Setcookie (Session_name (), session_id (), Time () +1440, '/'); Set the cookie to be valid for 1440 seconds (24 ') to resolve the loss of the browser session, the session is stored on the server for a maximum time of 24 ', and will not expire after reconnecting. (That is, keep the login function)

Four. PHP session Auto-recovery mechanism (startup probability = Session.gc_probability/session.gc_divisor)

Session.gc_probability = 1//Startup chance

Session.gc_divisor = 1000//dividend, factor

Session.gc_maxlifetime = 1440//Set maximum expiration time of session, default 1440 "

As long as the client has operations, the session expiration time will remain unchanged, when the expiration time is not operational, the recovery mechanism will be started, the server session deleted.

　　

Five. Pass the session ID based on the URL (to resolve the client's cookie-disabling situation)

1. URL parameters:

<a href= "demo.php?<?php Echo session_name (). ' = '. session_id ();?> ">DEMO</a>

Service-side processing:

$sid =!empty ($_get[session_name ())? $_get[session_name ()]: ";

session_id ($SID); Set the session to open with an existing SID before Session_Start ()

Session_Start ();

2. How do I automatically determine if a cookie is turned on and use the corresponding delivery method? (Use system with SID constant, auto-judge)

<a href= "demo.php?<?php echo SID;?>" >DEMO</a>

$sid =!empty ($_get[session_name ())? $_get[session_name ()]: ";

if ($sid! = ") {

session_id ($SID);

}

3. Automatically add the URL to the session ID?

Enable_trans_uid configuration options, and runtime options Session.use_trans_sid are activated, when the client disables the cookie, the relative URL is automatically modified to contain SessionID, If you do not configure or use a Windows server, you can use a constant SID.

--------------------------------------------------------------------------------------------------------