Discussion on Session

xiaoxiao2021-03-06  66

There are a lot of questions about sessions in this forum. Here I summarize my own understanding and some of the problems I have encountered, in the hope of helping friends who have been confused by sessions. Let's discuss it and try to reduce the confusion.

Simple introduction:
-----------------------------------------------------------------------------
Session content is stored on the server, so it is more secure and not easily stolen, but if sessions are too large they take up too much server space. Cookies are stored on the client and do not cost server resources, but they are somewhat less secure, and cookies depend on the client's settings. Cookies do not depend on sessions; sessions work together with cookies but do not depend on them. (In other words, a session can still work without cookies.)

How sessions work:
-----------------------------------------------------------------------------
Session workflow: initialize the session -> register or use session variables.

1. Initialize the session (three methods)

a. session.auto_start = 1, using the configuration parameter. This parameter can be set in php.ini, or you can set it in the script with ini_set().
b. session_start()
c. session_register()

At this point PHP's session management module checks whether a sessionID was passed in. If so, the original session storage is updated (personal opinion: the update only refreshes the lifetime of the session file, setting it to the current time). If not, PHP's session management module generates a new sessionID. This sessionID is generally unique, the chance of a repeat is extremely small, and it is encrypted with MD5. You can use the session_id() function to get the current sessionID.

2. Register or use session variables

The session management module stores the contents of the session variables in the location specified on the server (of course, you can also store them in your own way, such as in a database). By default they are stored as a file in the specified directory. The file name is "sess_" plus the sessionID, and the file content is:

variable name|type:length:"content"

Multiple variables are separated by semicolons.

At this point the session management module also stores the sessionID on the client in a cookie (the default). You can set the name of this special cookie; the default is "PHPSESSID". The cookie's default lifetime is the lifetime of the browser: once the browser is closed, this cookie becomes invalid. You can also customize some other properties of this special cookie. But if the client refuses to accept the cookie, the session management module will append the sessionID to the URL to keep the session working. This has some drawbacks, which will be introduced below.

Note: be sure to check the following parameters to ensure the execution of this action:

session.use_cookies = 1
session.use_only_cookies = 0
session.use_trans_sid = 1

About session garbage collection:
-----------------------------------------------------------------------------
Why is garbage collection needed? If the user logs out properly, our program can call the function that logs the session out to delete the session file stored on the server. But if our program is not very rigorous, or the user suddenly closes the browser in the middle of a session, some session files will stay on the server forever and never be used again. These files will keep piling up if they are not garbage-collected.

How does the session management module do garbage collection? If it receives no explicit instruction to collect, the session management module considers every session file valid, because it cannot tell whether the user has closed the browser or has just stepped away for a moment. So the module handles it this way: a session file that has not been used within 24 minutes (default) is treated as a junk file and marked as such. Sessions have a related time setting: once it exceeds 24 minutes (default), the session management module classes the session file as junk. Collection is then triggered by an event whose probability you can set (default 1%); personally, I think the session management module's garbage collection is started at initialization.

If you are interested, you can do this experiment: set the garbage collection probability of the session management module to 100%, and set the junk file identification time to 0.

Session parameter settings:
-----------------------------------------------------------------------------
[session]

session.save_handler = files
; How session data is stored and retrieved; the default is files. You can also use session_set_save_handler() to set
; a user-level storage and retrieval method. If you are interested, check the manual, which has a good example.

session.save_path = C:/TEMP
; Where session files are stored. You can also use session_set_save_handler() to set a user-level storage location;
; a file or a database will both do!

session.use_cookies = 1
; Whether to use a cookie to pass the sessionID

session.use_only_cookies = 1
; Whether to pass the sessionID only by cookie (the sessionID has two transfer modes: cookie and URL)

session.name = PHPSESSID
; Name of the cookie that passes the sessionID

session.auto_start = 0
; Whether to initialize the session automatically at each request

session.cookie_lifetime = 0
; Lifetime of the cookie that passes the sessionID

session.cookie_path = /
; Path for which the cookie that passes the sessionID is valid; "/" means it is valid for the entire website

session.cookie_domain =
; Domain for which the cookie that passes the sessionID is valid; to make it valid in all subdomains of a parent domain,
; fill in ".domainName.com"

session.serialize_handler = php
; How session data is serialized

session.gc_probability = 1
session.gc_divisor = 100
; Probability of collecting junk session files = session.gc_probability / session.gc_divisor

session.gc_maxlifetime = 1440
; Time after which a session file is marked as a junk file

session.bug_compat_42 = 1
session.bug_compat_warn = 1
; In PHP <= 4.2, even with register_globals turned off you were still allowed to initialize a variable in the global scope;
; in PHP >= 4.3, if the two parameters above are turned on, the system gives a warning.

session.referer_check =
; This parameter is a string. The system checks whether the string is present in the Referer sent by the client; if it is
; not, the sessionID contained in the URL is regarded as invalid. It mainly prevents clients from sending forged requests.

session.entropy_length = 16
session.entropy_file = /dev/urandom
; Source used for session creation; on UNIX systems you can use /dev/random or /dev/urandom

session.cache_limiter = nocache
; This parameter affects HTTP caching (that is, whether the page is cached). You can choose among three values:
; nocache, private, public; if it is empty, nocache

session.cache_expire = 180
; This parameter affects HTTP caching (that is, whether the page is cached); it is the cache time, in minutes

session.use_trans_sid = 0
; Whether to pass the sessionID in the URL
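An added illustration (not code from the original post): a simplified Python model of the garbage collection described above, driven by session.gc_probability, session.gc_divisor and session.gc_maxlifetime. It shows that a session older than gc_maxlifetime keeps being accepted until a GC run actually deletes it, and what the 100% / 0 experiment does. The function names and request lists are hypothetical, and the model assumes GC is evaluated before the session is read.

```python
import random


def gc_should_run(gc_probability, gc_divisor, rng):
    # A request starts GC with probability gc_probability / gc_divisor.
    return rng.random() * gc_divisor < gc_probability


def simulate(requests, gc_probability=1, gc_divisor=100,
             gc_maxlifetime=1440, seed=0):
    """requests: list of (time, session_id) in time order.

    Returns (stale_reuse, lost):
      stale_reuse - requests served from a session older than gc_maxlifetime
      lost        - requests whose session had already been collected
    """
    rng = random.Random(seed)
    mtime = {}         # session id -> last write time (the file's mtime)
    collected = set()  # ids whose file a GC run has deleted
    stale_reuse, lost = [], []
    for now, sid in requests:
        # Assumption of this model: GC is decided before the session is read.
        if gc_should_run(gc_probability, gc_divisor, rng):
            for old in [s for s, t in mtime.items()
                        if now - t > gc_maxlifetime]:
                del mtime[old]
                collected.add(old)
        if sid in mtime:
            age = now - mtime[sid]
            if age > gc_maxlifetime:
                stale_reuse.append((now, sid, age))
        elif sid in collected:
            lost.append((now, sid))
        mtime[sid] = now           # writing the session refreshes its mtime
        collected.discard(sid)
    return stale_reuse, lost


if __name__ == "__main__":
    # Constructed traffic: session "a" returns after 50 minutes of silence.
    idle = [(0, "a"), (3000, "a")]
    print("GC never runs :", simulate(idle, gc_probability=0))
    print("GC always runs:", simulate(idle, gc_probability=100))
    # The experiment from the text: probability 100%, junk time 0.
    print("experiment    :", simulate([(0, "a"), (1, "b"), (2, "a")],
                                      gc_probability=100, gc_maxlifetime=0))
```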

Please credit the original address when reprinting: https://www.9cbs.com/read-89096.html
