Summary of SESSION usage in PHP

When a SESSION is enabled, a cookie (called PHPSESSID, which can be obtained through session_name () that uniquely identifies session_id in the browser is first sent. in the case of save_handler = files, a file without a suffix is generated under the specified directory (such as temp) on the server. The name is
Copy codeThe Code is as follows:
'Sess _ "+ 'session _ id ';

 
This completes the Basic settings. In the next http request, the browser will first send all the cookie names and values under the current domain name, so that the server can read the session file according to the session_id in the cookie, it will not confuse who the session belongs.

This step is as follows:

SESSION sends a unique cookie variable session_id to the browser. The session_id variable has a name and a value. The default value of the variable name (name) is PHPSESSID, and the value (value) is a string randomly generated by apach, similar to rvag9m1_vim7k8g4v7k2ank70. Generally, session_id refers to the unique string rvag9m1_vim7k8g4v7k2ank70.

The specific cause is as follows in the ff http Response Header:


Session_start ();
The above sentence in the program completes the above function. If the browser does not send the PHPSESSID cookie, it will send a previous one, and then it will read the cookie to maintain the same session.

Now that we know the working principle of the session, we can infer that if we manually delete the sess_rvag9m1_vim7k8g4v7k2ank70 file on the server side, the session becomes invalid. If the browser cookie is invalid, the session becomes invalid.
Manually:
On the server side, you can use
Session _ destroy () or session _ unset ()
To make it invalid.
On the browser side:
You can directly
? Setcookie ('phpsessid ', '', 123 );
Make the cookie expire, or use another method, but it cannot expire immediately.
? Session_set_cookie_params ($ time); // The second on the current timestamp, for example, 60, that is, it expires after 60 seconds. <SPAN style = "COLOR: # ff0000 "> do not use the timestamp + custom time. </SPAN>
What we have mentioned above is to let the session expire in advance, but can we directly delay the session? In addition to modifying the configuration (session. gc_maxlifetime) is not acceptable in php. session in ini. gc_maxlifetime sets the expiration time. At this time, there will be a session. gc_probability/session. the probability of gc_divisor is recycled. If the GC process is started at this time, GC reads the modification time (mtime) of the session file and finds that the modification time is later than the current time and later than session. gc_maxlifetime. At this point, we understand how to maintain this session. in gc_maxlifetime, a user must be in access and modify the session for each access. In this way, there are more sessions for this session. the survival time of gc_maxlifetime.
In addition, let's talk about session. cookie_lifetime and set the PHPSESSID's survival time in the browser. The default value is 0. I found it is normal in IE, And the cookie is invalid when the browser is restarted. The cookie still exists in FF. You can use session_set_cookie_params to set session. cookie_lifetime,
? Session_set_cookie_params (60); // 60 s session_start ();
Session. gc_maxlifetime and session. cookie_lifetime jointly determine the session survival time.
-------------------------------------------------------------
I just found the information about the expiration of the firefox cookie Session, and found the following:

This is apparently by design. Check out this Bugzilla bug: https://bugzilla.mozilla.org/show_bug.cgi? Id = 443354

Firefox has a feature where you close Firefox and it offers to save all your tabs, and then you restore the browser and those tabs come back. that's called session restore. what I didn't realize is that it all also restore all the session cookies for those pages too! It treats it like you had never closed the browser.

This makes sense in the sense that if your browser crashed you get right back to where you were, but is a little disconcerting for web devs used to session cookies getting cleared. I 've got some old session cookies from months ago that were set by sites I always have open in tabs.

To test this out, close all the tabs in your browser, then close the browser and restart it. I think the session cookies for your site shoshould clear in that case. otherwise you 'd have to turn off session restore.

This is the session saving function of Firefox, as is the design of FF. You can perform this close all the tabs in your browser, then close the browser and restart it test to see if it is still saved.