SoFunction
Updated on 2025-04-11

PHP Session Introduction: recommended reading for anyone learning PHP sessions (Page 2/2)


How does a session identify the client? By the session ID. What is the session ID? It is the file name of the session file. The session ID is generated randomly, which makes it unique and random and keeps the session secure. In general, if no session lifetime is set, the session ID is kept in memory; when the browser is closed the ID is discarded automatically, and the next page request registers a new session ID.

If the client has not disabled cookies, a cookie stores the session ID and the session lifetime when a session is started.

Let's manually set the lifetime of Session:

<?php 
session_start(); 
//  Save for one day
$lifeTime = 24 * 3600; 
setcookie(session_name(), session_id(), time() + $lifeTime, "/"); 
?>
In fact, PHP also provides the function session_set_cookie_params() to set the session lifetime. It must be called before session_start():

<?php 
//  Save for one day
$lifeTime = 24 * 3600; 
session_set_cookie_params($lifeTime); 
session_start(); 
$_SESSION["admin"] = true; 
?>
If the client uses IE 6.0, setting the cookie through session_set_cookie_params() causes some problems, so we still call setcookie() manually to create the cookie.

What if the client disables cookies? Then nothing can be done about the lifetime: the session lives only as long as the browser process, and once the browser is closed a new session has to be registered. So how is the session ID passed? Through the URL or a hidden form field; PHP will automatically append the session ID to the URL. The URL looks like /?PHPSESSID=bba5b2a240a77e5b44cfa01d49cf9669, where the PHPSESSID parameter is the session ID. We can read this value with $_GET and so carry the session ID from page to page.

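<?php
//  Save for one day
$lifeTime = 24 * 3600;
//  Get the current session name (PHPSESSID by default)
$sessionName = session_name();
//  Get the session ID from the URL, if one was passed
$sessionID = isset($_GET[$sessionName]) ? $_GET[$sessionName] : '';
//  Use session_id() to set the ID, but only if it has a valid form;
//  an ID taken from the URL is chosen by whoever built the link
if (is_string($sessionID) && preg_match('/^[A-Za-z0-9,-]+$/', $sessionID)) {
    session_id($sessionID);
}

session_set_cookie_params($lifeTime);
session_start();
$_SESSION['admin'] = true;
?>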
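
The URL hand-off above lets whoever supplies the PHPSESSID value choose the session ID, which is the precondition for session fixation. A hardened variant, added here as an example (not code from the original article), assuming PHP 7.3 or later and a site served over HTTPS; start_hardened_session(), grant_admin() and the demo password are hypothetical names and constructed values:

```php
<?php
// Added example, not from the original article. Assumes PHP 7.3+ and HTTPS.
// start_hardened_session() and grant_admin() are hypothetical helper names.

function start_hardened_session(int $lifeTime): void
{
    // Take the session ID from the cookie only, never from ?PHPSESSID=...
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse IDs this server did not generate itself
    ini_set('session.use_strict_mode', '1');
    // Keep the server-side data as long as the cookie lives
    ini_set('session.gc_maxlifetime', (string) $lifeTime);

    session_set_cookie_params([
        'lifetime' => $lifeTime,
        'path'     => '/',
        'secure'   => true,   // send over HTTPS only
        'httponly' => true,   // hidden from JavaScript
        'samesite' => 'Lax',  // not sent on cross-site POSTs
    ]);
    session_start();
}

function grant_admin(): void
{
    // New ID at the privilege change; true deletes the old session data,
    // so an ID known before login is worthless afterwards
    session_regenerate_id(true);
    $_SESSION['admin'] = true;
}

start_hardened_session(24 * 3600);

// A session ID arriving in the URL is ignored and recorded for review
if (isset($_GET[session_name()])) {
    error_log('Ignored URL session ID from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
}

// Constructed demo credential; a real application checks its user store
$demoHash = password_hash('correct horse battery', PASSWORD_DEFAULT);
$given = $_POST['password'] ?? '';
if (is_string($given) && password_verify($given, $demoHash)) {
    grant_admin();
}

echo empty($_SESSION['admin']) ? "not logged in\n" : "admin session\n";
```
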
On shared virtual hosts, saving every user's sessions in the system's temporary folder makes maintenance harder and reduces security. We can set the save path of the session files manually with session_save_path(), pointing the session directory at a folder that cannot be accessed through the Web. Of course, the folder must be readable and writable.

<?php 
//  Set a storage directory (it must not be reachable through the Web)
$savePath = './session_save_dir/'; 
//  Save for one day
$lifeTime = 24 * 3600; 
session_save_path($savePath); 
session_set_cookie_params($lifeTime); 
session_start(); 
$_SESSION['admin'] = true; 
?>
Like session_set_cookie_params(), session_save_path() must be called before session_start().

We can also store arrays and objects in a session. Working with arrays is no different from working with ordinary variables. If you save an object, PHP automatically serializes it and then saves it in the session. The following example illustrates this:


<?php 
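// Class definition, kept in its own file so it can be loaded on demand
class person {
    public $age;
    // Print the stored age
    function output() {
        echo $this->age;
    }
    // Store the age
    function setAge($age) {
        $this->age = $age;
    }
}

?>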

<?php 
session_start(); 
require_once ''; 
$person = new person(); 
$person->setAge(21); 
$_SESSION['person'] = $person; 
echo '<a href="">check here to output age</a>';
?>

<?php
// Set the callback function to ensure that the object is rebuilt.
ini_set('unserialize_callback_func', 'mycallback'); 
function mycallback($classname) {
    include_once $classname . '.php';
}

session_start(); 
$person = $_SESSION['person']; 
//  Output 21
$person->output(); 
?>
When we execute the file, we call the setAge() method, set the age to 21, and the object's state is serialized and saved in the session (PHP performs this conversion automatically). After going to   , to output this value, we must deserialize the object saved just now. Because deserializing requires instantiating a class that is not yet defined, we define a callback function that automatically includes the class file. The object is therefore rebuilt with the current value of age, 21, and we then call the output() method to print the value.
In addition, we can use the session_set_save_handler function to customize how the session is handled.