Heim  >  Artikel  >  Backend-Entwicklung  >  【PHP】对话存储方式详解

【PHP】对话存储方式详解

WBOY
WBOYOriginal
2016-06-13 12:51:48821Durchsuche

【PHP】会话存储方式详解

  作者:zhanhailiang 日期:2013-03-15

首先确认会话是否自动开启还是需要通过session_start()来手动开启:

<span class="co0" style="color:rgb(128,128,128); font-style:italic">; 指定会话模块是否在请求开始时自动启动一个会话。默认为 0(不启动)</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; Initialize session on request startup.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; http://php.net/session.auto-start</span>
session.auto_start <span class="sy0" style="color:rgb(102,204,102)">=</span><span class="re2" style="color:rgb(0,0,255)"> 0</span>

客户端存储

在客户端,会话可以存储在cookie或者通过URL参数来获取。依赖于服务器的配置:

<span class="co0" style="color:rgb(128,128,128); font-style:italic">; 指定是否在客户端用 cookie 来存放会话 ID。默认为 1(启用)</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; Whether to use cookies.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; http://php.net/session.use-cookies</span>
session.use_cookies <span class="sy0" style="color:rgb(102,204,102)">=</span><span class="re2" style="color:rgb(0,0,255)"> 1</span>
 
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; 指定是否在客户端仅仅使用 cookie 来存放会话 ID。。启用此设定可以防止有关通过 URL 传递会话 ID 的攻击。</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; This option forces PHP to fetch and use a cookie for storing and maintaining</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; the session id. We encourage this operation as it's very helpful in combatting</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; session hijacking when not specifying and managing your own session id. It is</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; not the end all be all of session hijacking defense, but it's a good start.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; http://php.net/session.use-only-cookies</span>
session.use_only_cookies <span class="sy0" style="color:rgb(102,204,102)">=</span><span class="re2" style="color:rgb(0,0,255)"> 1</span>

如果确认存储在cookie中,则可以进一点配置会话存储在cookie中的各项配置,如cookie_name,cookie_lifetime,cookie_path,cookie_domain,cookie_secure,cookie_httponly

<span class="co0" style="color:rgb(128,128,128); font-style:italic">; Name of the session (used as cookie name).</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; http://php.net/session.name</span>
session.name <span class="sy0" style="color:rgb(102,204,102)">=</span><span class="re2" style="color:rgb(0,0,255)"> PHPSESSID</span>
 
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; Lifetime in seconds of cookie or, if 0, until browser is restarted.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; http://php.net/session.cookie-lifetime</span>
session.cookie_lifetime <span class="sy0" style="color:rgb(102,204,102)">=</span><span class="re2" style="color:rgb(0,0,255)"> 0</span>
 
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; The path for which the cookie is valid.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; http://php.net/session.cookie-path</span>
session.cookie_path <span class="sy0" style="color:rgb(102,204,102)">=</span><span class="re2" style="color:rgb(0,0,255)"> /</span>
 
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; The domain for which the cookie is valid.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; http://php.net/session.cookie-domain</span>
session.cookie_domain <span class="sy0" style="color:rgb(102,204,102)">=</span>
 
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; http://php.net/session.cookie-httponly</span>
session.cookie_httponly <span class="sy0" style="color:rgb(102,204,102)">=</span>

服务器端存储

在服务器端,同样也可以通过多种方式来存储会话。默认会话存储在文件中,此时session.save_path为创建存储文件的路径。

<span class="co0" style="color:rgb(128,128,128); font-style:italic">; Handler used to store/retrieve data.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; http://php.net/session.save-handler</span>
session.save_handler <span class="sy0" style="color:rgb(102,204,102)">=</span><span class="re2" style="color:rgb(0,0,255)"> files</span>
 
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; Argument passed to save_handler.  In the case of files, this is the path</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; where data files are stored. Note: Windows users have to change this</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; variable in order to use PHP's session functions.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">;</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; The path can be defined as:</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">;</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">;     session.save_path = "N;/path"</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">;</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; where N is an integer.  Instead of storing all the session files in</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; /path, what this will do is use subdirectories N-levels deep, and</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; store the session data in those directories.  This is useful if you</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; or your OS have problems with lots of files in one directory, and is</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; a more efficient layout for servers that handle lots of sessions.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">;</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; NOTE 1: PHP will not create this directory structure automatically.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">;         You can use the script in the ext/session dir for that purpose.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; NOTE 2: See the section on garbage collection below if you choose to</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">;         use subdirectories for session storage</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">;</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; The file storage module creates files using mode 600 by default.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; You can change that by using</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">;</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">;     session.save_path = "N;MODE;/path"</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">;</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; where MODE is the octal representation of the mode. Note that this</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; does not overwrite the process's umask.</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">; http://php.net/session.save-path</span>
<span class="co0" style="color:rgb(128,128,128); font-style:italic">;session.save_path = "/tmp"</span>

PHP支持通过session_set_save_handler来实现会话处理器的自定义open, close, read, write, destroy, gc处理函数,常见的会话处理器包括使用内存型分配(如mm,memcache等),也可以使用数据库进行存储。由此可见,若需要会话存储与文件系统(例如用数据库PostgreSQL Session Save Handler或默认的文件存储files)协同工作的,此时有可能造成用户定制的会话处理器丢失了未存储数据的会话。若使用内存型分配存储,又需要考虑会话持久化存储问题。

接下来重点讲解memcache(d?)会话处理器。

Memcache模块提供了于memcached方便的面向过程及面向对象的接口,memcached是为了降低动态web应用 从数据库加载数据而产生的一种常驻进程缓存产品。 
Memcache模块同时提供了一个session 处理器 (memcache). 
更多关于memcached的信息请参见? http://www.memcached.org/.
memcached是一个高性能分布式的内存对象缓存系统, 通常被用于降低数据库加载压力以提高动态web应用的响应速度。 
此扩展使用了libmemcached库提供的api与memcached服务端进行交互。它同样提供了一个session处理器(memcached)。 它同时提供了一个session处理器(memcached)。 
关于libmemcached的更多信息可以在? http://libmemcached.org/libMemcached.html查看。

memcache会话处理器配置:

session.save_handler <span class="sy0" style="color:rgb(102,204,102)">=</span><span class="re2" style="color:rgb(0,0,255)"> memcache</span>
session.save_path <span class="sy0" style="color:rgb(102,204,102)">=</span> <span class="st0" style="color:rgb(255,0,0)">"tcp://127.0.0.1:11211?persistent=0&weight=1&timeout=1&retry_interval=15,tcp://127.0.0.1:11212?persistent=0&weight=1&timeout=1&retry_interval=15,tcp://127.0.0.1:11213?persistent=0&weight=1&timeout=1&retry_interval=15,tcp://127.0.0.1:11214?persistent=0&weight=1&timeout=1&retry_interval=15"</span>

数据库处理器可以使用Session PgSQL来实现(此扩展被认为已无人维护)。也可以使用其它数据库来实现会话存储,只不过需要自定义处理器函数function.session-set-save-handler.php。具体自定义处理器可参见maria at junkies dot jp。

Stellungnahme:
Der Inhalt dieses Artikels wird freiwillig von Internetnutzern beigesteuert und das Urheberrecht liegt beim ursprünglichen Autor. Diese Website übernimmt keine entsprechende rechtliche Verantwortung. Wenn Sie Inhalte finden, bei denen der Verdacht eines Plagiats oder einer Rechtsverletzung besteht, wenden Sie sich bitte an admin@php.cn