Session Detail

I. Cookies and sessions

1. HTTP is a stateless protocol, so when the server needs to record a user's state it needs some mechanism for recognizing the specific user. That mechanism is the Session. A typical scenario is a shopping cart: when you click the order button, the server cannot tell which user performed the operation because HTTP is stateless, so it creates a Session for each specific user to identify and track that user, and thereby knows how many books are in the cart. The Session is saved on the server side and has a unique identifier. There are many ways to save Sessions on the server side: in memory, in a database, or in files. In a cluster you also have to consider how Sessions are transferred between nodes. Large sites generally have a dedicated cluster of Session servers for storing user sessions, in which case the Session information is held in memory using a caching service such as Memcached.

2. How does the server side identify a specific client? This is where cookies come in. Each time an HTTP request is made, the client sends the relevant cookie information to the server. In fact, most applications use cookies to implement Session tracking: the first time a Session is created, the server tells the client, within the HTTP exchange, to record a Session ID in a cookie and to send that Session ID with every subsequent request, so that the server knows who the client is. Some people ask what happens if the client's browser has cookies disabled. Typically in that case a technique called URL rewriting is used for session tracking: a parameter such as sid=xxxxx is appended to the URL on every HTTP interaction, and the server identifies the user from it.

3. Cookies can also be used in some user-friendly scenarios. Imagine you have logged into a website once and don't want to type your account name again the next time you log in. This information can be written to a cookie; when you visit the site, a script on the page can read it and fill in the username for you automatically, which is convenient for the user. That is where the name cookie comes from: a little treat for the user.

So, to summarize: a Session is a data structure kept on the server side to track the user's state; this data can be kept in a cluster, a database, or files. A Cookie is a client-side mechanism for saving user information; it records some information about the user and is also one way to implement Sessions.

II. Role of session_start

session_start() does two things.

1. It generates a cookie file on the client side that holds the PHPSESSID.

Where and how this file is stored depends on how the program is executed and varies from browser to browser; this step produces a serialized string, the PHPSESSID.

2. It generates a temporary file on the server side that holds the session data.

The storage location is specified by the session.save_path parameter, and the file name looks like "sess_b2f326ee7a8b7617c215a30d22a602f1": "sess_" marks it as a session file, and "b2f326ee7a8b7617c215a30d22a602f1" is the PHPSESSID of this session, which must be the same as the client's PHPSESSID. This file holds the specific values in the $_SESSION variable, in the format

Variable name | Variable type : [length] : value


III. Role of session_id

session_id() retrieves the current session ID. Syntax: string session_id(string [id]);

This function gets or sets the ID of the current Session. Without the id parameter, it only returns the current Session ID; with the id parameter, the Session ID is set to the newly specified id. Both the input and the return value are strings.

Output session_id()

    session_start();      // a session must be active for session_id() to return an ID
    echo session_id();
    //  outputs dqr58dnuqj2gufvg4o3tmjb9v4

Set session_id()

    session_id('NowaMagic');   // set the ID; must be called before session_start()
    session_start();
    echo session_id();
    //  outputs NowaMagic

IV. Session storage

Where the session is stored by default: the php.ini configuration file contains the line session.save_handler = files, which means that by default PHP saves sessions by reading and writing files. So which directory are they in? Reading on, we find session.save_path = "/tmp". This line is preceded by a ; , so the directive is commented out, but even so PHP's default sessions are saved here, in the /tmp directory.

We can see from the image that the session file is indeed in this directory; let's also take a look at its contents.

The statement I used to write to the session is $_SESSION['as'] = 'as';. To decode the file contents: the first as is the key as in $_SESSION['as']; the s after the | indicates that this is string-type data; 2 is the number of bytes occupied by the string; and the value inside the final double quotes is as.
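
The file format described in sections II and IV can be decoded outside PHP, for example when reviewing what an application keeps in its sess_ files. The parser below is an added example, not code from the original post; it is written in Python and goes beyond the single string case above to cover integers, booleans, floats, null and nested arrays. It assumes the default "php" value of session.serialize_handler, and the sample inputs are constructed.

```python
# Added example, not from the original post: decode the default "php"
# session.serialize_handler format (name|value pairs written back to back).
# Supports N, b, i, d, s and nested a (arrays); objects are rejected.
def _value(raw: bytes, pos: int):
    """Parse one serialized value at pos; return (value, next_pos)."""
    tag = raw[pos:pos + 1]
    if tag == b"N":                                   # N;
        return None, pos + 2
    if tag in (b"b", b"i", b"d"):                     # b:1;  i:42;  d:0.5;
        end = raw.index(b";", pos)
        text = raw[pos + 2:end].decode()
        conv = {b"b": lambda t: t == "1", b"i": int, b"d": float}[tag]
        return conv(text), end + 1
    if tag == b"s":                                   # s:<byte length>:"<data>";
        colon = raw.index(b":", pos + 2)
        size = int(raw[pos + 2:colon])
        start = colon + 2                             # skip :"
        data = raw[start:start + size]
        if len(data) != size or raw[start + size:start + size + 2] != b'";':
            raise ValueError(f"string length mismatch at offset {pos}")
        return data.decode("utf-8", "replace"), start + size + 2
    if tag == b"a":                                   # a:<count>:{key value ...}
        colon = raw.index(b":", pos + 2)
        count = int(raw[pos + 2:colon])
        pos, items = colon + 2, {}                    # skip :{
        for _ in range(count):
            key, pos = _value(raw, pos)
            items[key], pos = _value(raw, pos)
        if raw[pos:pos + 1] != b"}":
            raise ValueError(f"unterminated array at offset {pos}")
        return items, pos + 1
    raise ValueError(f"unsupported type {tag!r} at offset {pos}")

def parse_session(raw: bytes) -> dict:
    """Decode the whole contents of a sess_<PHPSESSID> file."""
    out, pos = {}, 0
    while pos < len(raw):
        bar = raw.index(b"|", pos)                    # variable name ends at |
        name = raw[pos:bar].decode()
        out[name], pos = _value(raw, bar + 1)
    return out

# Constructed samples: the first is what $_SESSION['as'] = 'as' produces.
SAMPLE_SIMPLE = b'as|s:2:"as";'
SAMPLE_MIXED = 'user|s:5:"alice";cart|a:2:{i:0;s:4:"book";i:1;s:3:"\u8336";}n|i:3;'.encode()

if __name__ == "__main__":
    print(parse_session(SAMPLE_SIMPLE), parse_session(SAMPLE_MIXED))
```

The length after s: counts bytes, not characters, which is why the one-character value in the second sample is recorded with length 3.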

More storage options.

For an actual session example and session_id security see another blog post at

