這樣就完成了基本的設定。那麼在下一次發起http請求時,首先瀏覽器會發送這個當前網域名稱下的所有cookie名字和值過去,這樣伺服器就能根據cookie中的session_id來去讀取session檔案,而不會混淆這個session屬於誰。
這一步具體如下:
SESSION發送一個對瀏覽器的唯一cookie變數session_id,這個session_id變數有名字、有值。變數名(name)預設為PHPSESSID,變數值(value)為apach隨機產生的字串,類似rvag9m368vim7k8g4v7k2ank70 。通常說的session_id其實是指這個唯一的字串rvag9m368vim7k8g4v7k2ank70。
具體的在FF的HTTP回應標頭下如此:
session_start();
在程式中上面一句就完成了上面的功能,假如瀏覽器沒有發送PHPSESSID的cookie過來就發送一個過去,有就讀取這個cookie,這樣就能維持同一個會話。
好了既然知道了session的工作原理,那麼我們可以推測到假如伺服器端sess_rvag9m368vim7k8g4v7k2ank70 這個檔案我們手動刪除了,那麼session失效,假如瀏覽器cookie失效,那麼session照樣失效。
在手動的情況下:
在伺服器端,可以用
session_ destroy() 或者session_ unset()
來使其失效。
在瀏覽器端:
可以直接
?setcookie('PHPSESSID','',123);
讓cookie到期,或者另外一種方式,但不能立即失效
?session_set_cookie_params($time);//目前時間戳上的秒,例如60,即讓其60秒後到期,<SPAN style="COLOR: #ff0000">不要用時間戳記+自己設定的時間。 </SPAN>
上面所講的都是讓session提前到期,但是想直接讓session延遲行不行呢?除了修改配置(session.gc_maxlifetime)是不行的,在php.ini裡面session.gc_maxlifetime 設定到期時間,到了這個時間,就有session.gc_probability /session.gc_divisor的機率被回收。假如到了這個時間,並且啟動了GC進程,GC會去讀取session檔案的修改時間(mtime),發現大於和目前時間相減後大於session.gc_maxlifetime ,立刻刪除。到此,我們也就明白了如何保持這個會話呢,只能在session.gc_maxlifetime 內,必須有使用者在訪問,每次訪問都去修改下session,這樣就這個session又多出session.gc_maxlifetime的存活時間。
另外說一下session.cookie_lifetime ,設定PHPSESSID在瀏覽器的存活時間,預設為0,IE下我發現是正常的,瀏覽器重啟即cookie失效;FF下還繼續存在。設定session.cookie_lifetime可以用session_set_cookie_params,
?session_set_cookie_params(60);//60 s session_start();
session.gc_maxlifetime和session.cookie_lifetime 共同決定了session的存留時間。
-------------------------------------------------------------
剛剛找了一下firefox cookie會話到期的資料,發現如下
This is apparently by design. Check out this Bugzilla bug:https://bugzilla.mozilla.org/show_bug.cgi?id=443354
Firefox has a feature where you close Firefox and it offers to save all your tabs, and then you restore the browser and those tabs come back. That's called session restore. What I didn't realize is that it'll also restore all the session cookies for those pages too! It treats it like you had never closed the browser.
This makes sense in the sense that if your browser crashed you get right back to where you were, but is a little disconcerting for web devs used to session cookies getting cleared. I've got some old session cookies from months ago that were set by sites I always have open in tabs.
To test this out, close all the tabs in your browser, then close the browser and restart it. I think the session cookies for your site should clear in that case. Otherwise you'd have to turn off session restore.
這是Firefox的會話儲存功能,FF設計就是如此。可以做這個close all the tabs in your browser, then close the browser and restart it測試,看看是否還儲存著。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
