session是一种会话技术,它基于cookie,相比cookie具有更高的安全性。
1.session原理
如图所示,session会给客户端发送一个session id,同时在服务端建立一个session数据区,客户端在请求的时候提交session id,服务端通过这个session id在session数据区查找。客户端仅存了一个session id ,它具有一定的时效性,重要的信息还是保存在服务端的,所以session会比较安全。
2. session的操作
session_set.php
<?php//定义session数据文件的存储路径,windows下默认是C:\Windows\tempsession_save_path(getcwd().DIRECTORY_SEPARATOR.'temp');@session_start();echo session_id()."<hr>";//添加$_SESSION['name'] = 'tom';$_SESSION['age'] = 19;$_SESSION['height'] = 75.5;$_SESSION['edu'] = '小学';//修改$_SESSION['age'] = 22;//读取var_dump($_SESSION);//删除unset($_SESSION['edu']);echo "<hr>";var_dump($_SESSION);?>
来看看session保存数据的文件:
session数据区的内容都是通过序列化后的字符串保存的,读取的时候再执行反序列化,session 支持多种数据类型存储,而cookie只支持string.
3.seesion中客户端cookie属性设置
session的使用是基于cookie的,必须在客户端保存一个session id的cookie,那么服务端可以设置这个cookie的属性来告诉浏览器如何生成这个cookie:
<?php//定义session数据文件的存储路径,windows下默认是C:\Windows\tempsession_save_path(getcwd().DIRECTORY_SEPARATOR.'temp');session_name("MYPHPSESSID");//设置session_cookie名称, 默认是PHPSESSID/** *session_set_cookie_params($lifetime, $path, $domain, $secure, $httponly) *$lifetime int 设置客户端cookie的有效期,默认会话结束时 *$path string设置cookie的有效路径 ,默认'/',可选参数 *$domain string 设置有效域,可选参数 *$secure boolean 是否仅在https下发送cookie 默认false,可选参数 *$httponly boolean 是否仅在http中可使用cookie 默认false,可选参数 *///设置cookie有效期60秒session_set_cookie_params(60, '/', '.phpcode.com', false, false) ;@session_start();echo session_id()."<hr>";$_SESSION['name'] = 'tom';?> 注意: session_set_cookie_params 必须要在 session_start()前设置。
4.session数据区垃圾回收设置
session数据区的数据随着用户对服务器的访问会产生越来越多的垃圾数据,所以有必须进行垃圾扫描和垃圾清理。当然服务器不可能时时去扫描哪些数据是过期了,那样服务器损耗很大,所以呢必须一定几率去触发,判断到是垃圾的就清理掉。
<?phpsession_save_path(getcwd().DIRECTORY_SEPARATOR.'temp');//设置cookie有效期60秒session_set_cookie_params(60, '/', '.phpcode.com', false, false) ;//设置为服务器被请求3次 有1次可能触发gc ,进行垃圾回收ini_set('session.gc_probability', '1');ini_set('session.gc_divisor', '3');//默认1440秒后就被当为垃圾(最后一次写+1440秒),gc的时候,把该session id对应的 session数据区删除//设置为10秒后为垃圾ini_set('session.gc_maxlifetime', '10');@session_start();echo session_id();$_SESSION['name'] = 'tom';echo "<hr>";var_dump($_SESSION);?> 下面两个参数是设置触发垃圾扫描的概率
ini_set(‘session.gc_probability’, ‘1’);
ini_set(‘session.gc_divisor’, ‘3’);
设置多长时间后就是垃圾,可以被回收
ini_set(‘session.gc_maxlifetime’, ‘10’);
5.禁用cookie如何使用session
<?php//定义session数据文件的存储路径,windows下默认是C:\Windows\tempsession_save_path(getcwd().DIRECTORY_SEPARATOR.'temp');//在session_start 前设置以下两项ini_set('session.use_only_cookies', '0');ini_set('session.use_trans_sid', '1');@session_start();echo session_id();//添加$_SESSION['name'] = 'tom';echo "<hr>";var_dump($_SESSION);echo "<hr>";include 'show.html';?> show.html
<!DOCTYPE html><html> <head> <meta charset="UTF-8"> <title>Insert title here</title> </head> <body> <a href='session_get_no_cookie.php'>forbidden cookie</a> <form method="post" action="session_get_no_cookie.php"> <input type="submit" value="submit"/> </form> </body></html>
session_get_no_cookie.php
<?php//定义session数据文件的存储路径,windows下默认是C:\Windows\tempsession_save_path(getcwd().DIRECTORY_SEPARATOR.'temp');if(isset($_GET['PHPSESSID'])){ session_id($_GET['PHPSESSID']);}else if(isset($_POST['PHPSESSID'])){ session_id($_POST['PHPSESSID']);}echo session_id().'<hr>';session_start();var_dump($_SESSION); 6.session如何持久化
通常来说session不提倡持久化。
如果非要持久化,如下设置:
session_set_cookie_params(PHP_INT_MAX);ini_set('session.gc_maxlifetime', PHP_INT_MAX);#注意一定要在session_start前设置!! 7.session和cookie区别和联系
联系:
Session基于COOKIE,session-id存储于cookie中,cookie数据存放在客户端浏览器上,session主要数据放在服务器上。
区别:
Working with Flash Session Data in LaravelMar 12, 2025 pm 05:08 PMLaravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-
cURL in PHP: How to Use the PHP cURL Extension in REST APIsMar 14, 2025 am 11:42 AMThe PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.
Build a React App With a Laravel Back End: Part 2, ReactMar 04, 2025 am 09:33 AMThis is the second and final part of the series on building a React application with a Laravel back-end. In the first part of the series, we created a RESTful API using Laravel for a basic product-listing application. In this tutorial, we will be dev
Simplified HTTP Response Mocking in Laravel TestsMar 12, 2025 pm 05:09 PMLaravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>
12 Best PHP Chat Scripts on CodeCanyonMar 13, 2025 pm 12:08 PMDo you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom
Notifications in LaravelMar 04, 2025 am 09:22 AMIn this article, we're going to explore the notification system in the Laravel web framework. The notification system in Laravel allows you to send notifications to users over different channels. Today, we'll discuss how you can send notifications ov
Explain the concept of late static binding in PHP.Mar 21, 2025 pm 01:33 PMArticle discusses late static binding (LSB) in PHP, introduced in PHP 5.3, allowing runtime resolution of static method calls for more flexible inheritance.Main issue: LSB vs. traditional polymorphism; LSB's practical applications and potential perfo
PHP Logging: Best Practices for PHP Log AnalysisMar 10, 2025 pm 02:32 PMPHP logging is essential for monitoring and debugging web applications, as well as capturing critical events, errors, and runtime behavior. It provides valuable insights into system performance, helps identify issues, and supports faster troubleshoot
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Dreamweaver CS6
Visual web development tools
Dreamweaver Mac version
Visual web development tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
Notepad++7.3.1
Easy-to-use and free code editor
Zend Studio 13.0.1
Powerful PHP integrated development environment
