This article mainly introduces how to understand the Session in PHP and control the validity period of the Session. the default validity period of the Session is 1440 seconds, and then PHP garbage collection will be used. For more information, see
0. what is session?
The Chinese translation of a Session is called "Session". its original meaning refers to a series of actions/messages starting and ending, for example, a series of processes from picking up a phone call and dialing to hanging up a phone call can be called a session. At present, the society's understanding of sessions is very confusing: sometimes we can see this: "During a browser session ,... ", the session here refers to the period from opening to closing a browser window; you can also see the sentence" user (client) is in a session, it may refer to a series of actions of a user (generally a series of actions related to a specific purpose, such as the online shopping process from login to purchasing goods to checkout and logout; however, sometimes it may only mean a connection. The difference can only be inferred by context.
However, when a session is associated with a network protocol, it often implies two meanings: "connection-oriented" and "/" persistence, "Connection orientation" refers to the establishment of a communication channel before the communication parties establish a communication channel, such as a call, until the other party receives the telephone communication. "Keep status" means that the communication party can associate a series of messages so that messages can be mutually dependent, for example, a waiter can recognize an old customer who has visited the store again and remembers that the customer still owes a dollar to the store. Such examples include "one TCP session" or "one POP3 session ".
Since such chaos cannot be changed, it is difficult to have a unified standard for the next definition of the session. When reading session-related information, we can only infer and understand it by context. However, we can understand this as follows: for example, when we make a call, we call the call from the moment we call the call to the end of the call, because the call is always in the connected state, so we call the session status. It is a public variable that has existed throughout the interaction between visitors and the website. when the client does not support cookies, SESSION variables are used to ensure data correctness and security. Visitors to the website will be assigned a unique identifier, the so-called session ID. It is either a cookie stored on the client or transmitted through a URL.
The invention of the SESSION fills in the limitations of the HTTP protocol: the HTTP protocol is regarded as a stateless protocol and cannot be known about the user's browsing status. after the server completes the response, the server loses contact with the browser. This is consistent with the original purpose of the HTTP protocol. the client only needs to simply request the server to download some files, and neither the client nor the server needs to record the previous behaviors of each other, each request is independent, like the relationship between a customer and a vending machine or a common (non-member) hypermarket.
Therefore, SESSION (cookie is another solution) is used to record user information for confirmation when the user initiates a request to the web server. The invention of session allows a user to save his information when switching between multiple pages. Website programmers have such experiences that the variables on each page cannot be used on the next page (although form and url can also be implemented, this is a very bad way ), the variables registered in the SESSION can be used as global variables.
So what is the usefulness of SESSION? Shopping cart is used for online shopping. you can add the items you bought to the shopping cart at any time and check out the items at the cashier. During the whole process, the shopping cart has always played the role of temporarily storing the selected items and used it to track users' activities on the website. this is the role of SESSION, which can be used for user identity authentication, program Status record, parameter transfer between pages, etc.
The COOKIE technology is used in the implementation of the SESSION. The SESSION will save a COOKIE containing session_id (SESSION number) on the client, and save other session variables on the server, such as session_name. When a user requests a server, the session_id is also sent to the server. the session_id is used to extract the variables stored on the server to identify who the user is. At the same time, it is not difficult to understand why the SESSION sometimes fails.
When the client disables cookies (click "tools"-"internet =" "> Internet Options" in IE, and click "security"-"custom level" in the pop-up dialog box, set "allow COOKIE for each conversation" to disabled). session_id cannot be passed, and the SESSION becomes invalid. However, php5 can automatically check the cookie status on linux/unix platforms. if the client is disabled, the system automatically attaches session_id to the url for transmission. Windows host does not have this function.
1. php session validity period
The default session validity period of php is 1440 seconds (24 minutes). If the client does not refresh after 24 minutes, the current session will be recycled and will become invalid.
When the user closes the browser and the session ends, the session will also become invalid.
You can modify the session. gc_maxlifetime of php. ini to set the session lifecycle. However, the session information cannot be deleted immediately after this period. Because GC is started at a probability, it may not be started for a long time. Therefore, a large number of sessions remain valid after session. gc_maxlifetime is exceeded.
2. session. gc_maxlifetime, session. gc_probability, session. gc_pisor description
Session. gc_maxlifetime = 30 indicates that when the session file is not accessed after 30 seconds, it is regarded as an expired session and will be recycled by GC.
The probability of GC process calling is calculated by session. gc_probability/session. gc_pisor, and session. gc_pisor is 1000 by default,
If session. gc_probability = 1000, the GC process will call and recycle each time session_start () is executed.
Increasing the probability of session. gc_probability/session. gc_pisor will be helpful, but will seriously affect the performance.
3. strictly control the session expiration method
(1) use memcache/redis to save the session and set the Expiration Time. because the recovery mechanism of memcache/redis is not based on the probability, it can ensure that the session will expire after expiration.
(2). use php only to create a session class and write the expiration time when the session is written. When reading data, you can determine whether the data has expired based on the Expiration Time.
<? Php/*** Session control class */class Session {/*** set session * @ param String $ name session name * @ param Mixed $ data session data * @ param Int $ expire timeOut (seconds) */public static function set ($ name, $ data, $ expire = 600) {$ session_data = array (); $ session_data ['data'] = $ data; $ session_data ['expire '] = time () + $ expire; $ _ SESSION [$ name] = $ session_data ;} /*** read session ** @ param String $ name session name * @ retu Rn Mixed */public static function get ($ name) {if (isset ($ _ SESSION [$ name]) {if ($ _ SESSION [$ name] ['expire ']> time () {return $ _ SESSION [$ name] ['data'];} else {self:: clear ($ name) ;}} return false;}/*** clear session * @ param String $ name session name */private static function clear ($ name) {unset ($ _ SESSION [$ name]) ;}}?>
Demo:
<? Phpsession_start (); $ data = '000000'; session: set ('test', $ data, 10); echo session: get ('test '); // output sleep (10); echo session: get ('test'); // expired?>