Set four answers to a strict 30-minute overdue Session interview question in PHP and four answers to the session_php tutorial

In PHP, set four answers and four answers to a strict 30-minute overdue Session Question. In PHP, I set four answers to a strict 30-minute expired Session interview question. session4 answers a question on my weibo today: I often ask a question during the interview: "How to set up four answers for a strictly 30-minute expired Session interview question in PHP, and four answers for Session

Today, I posted a question on my weibo:

During the interview, I often asked a question: "How do I set a 30-minute overdue Session ?", Don't think it looks simple. there is a lot of knowledge here, which is especially suitable for you to check whether basic skills are solid. who will give it a try? Haha

Why?

1. I saw someone discussing this issue on stackoverflow.
2. I often ask this question, so ~~

Here, I will answer this question.

First answer

The most common answer is: Set the Session expiration time, that is, session. gc_maxlifetime. this answer is incorrect for the following reasons:

1. first, PHP runs the session gc with a certain probability, that is, the session. gc_probability and session. gc_pisor (for details, refer to a Permission denied Notice solution for PHP Session usage). the default values are 1 and 100, which means there is a 1% chance, PHP will run Session gc when a Session is started. it cannot be guaranteed that it will expire in 30 minutes.

2. what about setting a high probability of cleaning? Why? Because PHP uses the modification time of the stat Session file to determine whether the file has expired. if this probability is increased, the performance will be reduced, PHP uses a "one" file to store Session variables related to a Session. Suppose I set a Session variable a = 1 five minutes ago, five minutes later, another Seesion variable B = 2 is set. the modification time of this Session file is the time when B is added, so a cannot be at 30 minutes, cleared. the third reason is as follows.

3. the default PHP (Linux as an example) is to use/tmp as the default Session storage directory, which is also described in the manual as follows:

Note: If different scripts have different session. gc_maxlifetime values but share session data stored in the same place, the script with the minimum value clears the data. In this case, use this command with session. save_path.

That is to say, if two applications do not specify their own independent save_path, one is set to 2 minutes (assumed as A), and the other is set to 30 minutes (assumed as B ), when Session gc of A is run, Session files of Application B will be deleted at the same time.

Therefore, the first answer is not "completely strict.

Second answer

Another common answer is: Set the carrier of the Session ID, and the Cookie expiration time, that is, session. cookie_lifetime. this answer is also incorrect, for the following reasons:

This expiration only indicates that the Cookie expires. In other words, the difference between the Cookie and the Session is that the Session expires on the server and the Cookie expires on the client (browser, even if you set Cookie expiration, this can only ensure that the Cookie (including Session ID) will not be sent when the standard browser expires. if you construct a request, you can also use the value of this Session ID.

Third answer

The use of memcache, redis, and okey is a correct answer. However, it is clear that the question will be followed up to ask you, what if you just use PHP?

Fourth answer

Of course, the interview is not for you, but for the sake of observing the closeness of thinking. in this process, I will prompt these traps, so in general, the practice that fits the meaning of the question is:

1. set the Cookie expiration time to 30 minutes, and set the Session life time to 30 minutes.

2. add Time stamp for each Session value.

3. determine the timestamp before each access.

Finally, some people asked why we should set a 30-minute expiration time: first, this is for the interview. second, in actual use cases, such as a discount that expires in 30 minutes?

Thanks :)

Php session will not expire. how can I set expiration?

Php session will expire. (it is the cookie of the session, that is, closing the browser, and the session expires.) if you want to force the session to expire, you can:

Setcookie (session_name (), '', time ()-3600 );
Session_destroy ();

Use both of them at the same time.

Hope to help you. if you have any questions, please leave a message.

How to set the session expiration time in php? I want to set it in the code, not in phpini.

Try session_cache_expire.

Example 1. session_cache_expire () example


/* Set the cache limiter to 'private '*/

Session_cache_limiter ('private ');
$ Cache_limiter = session_cache_limiter ();

/* Set the cache expire to 30 minutes */
Session_cache_expire (30 );
$ Cache_expire = session_cache_expire ();

/* Start the session */

Session_start ();

Echo "The cache limiter is now set to $ cache_limiter </br> ";
Echo "The cached session pages expire after $ cache_expire minutes ";
?>

Today, I posted a question on my weibo: During the interview, I often asked a question: "How...