|=-----------------------------------------------------------------------=||=------------------------=[ 深入理解FastCGI ]=--------------------------=||=-----------------------------------------------------------------------=||=--------------------------=[ by d4shman ]=---------------------------=||=-----------------------------------------------------------------------=||=-------------------------=[ May 7, 2014 ]=---------------------------=||=-----------------------------------------------------------------------=|[目录]0x01 什么是FastCGI0x02 FastCGI的工作流程0x03 PHP中的CGI实现0x04 参考文献0x01 什么是FastCGI CGI全称是“通用网关接口”( Common Gateway Interface),它可以让一个客户端从网页浏览器向执行在web服务器上的程序请求数据。CGI描述了客户端和这个程序之间传递数据的一种标准。 FastCGI是web服务器和处理程序之间通讯的一种协议, 是CGI的一种改进方案, FastCGI像是一个常驻(long live)型的CGI, 它可以一直执行,在请求到达时不会花费时间去fork一个进程来处理(这是CGI最为人诟病的fork-and-execute模式)。 CGI程序反复加载是CGI性能低下的主要原因,FastCGI将CGI解释器进程保持在内存内中,以此获得较高的性能。同时,FastCGI还支持分布式计算,也就是说,Web Server和FastCGI可以部署在不同的服务器上。0x02 FastCGI的工作流程 1.Web server启动时载入FastCGI进程管理器(Apache Module、IIS ISAPI等) 2.FastCGI进程管理器自身初始化,启动多个CGI解释器进程php-cgi并等待来自 Web Server的连接。 3.当客户端的请求到达Web Server时,FastCGI选择并连接到一个CGI解释器。 Web server将CGI环境变量和标准输入发送到FastCGI子进程php-cgi。 4.FastCGI子进程完成处理后将标准输出和错误信息从同一连接返回Web Server。 php-cgi关闭本次连接并等待下次连接。 0x03 PHP中的CGI实现 PHP中的CGI实现了FastCGI协议,是一个TCP或UDP协议的服务器接受来自Web服务器的请求,当启动时创建TCP/UDP协议的服务器socket监听,并接受相关请求进行处理。随后就进入了PHP的生命周期:模块初始化,sapi初始化,处理PHP请求,模块关闭,sapi关闭。以上构成了PHP中CGI的生命周期。 以TCP为例,在TCP的服务端,一般会执行这样的几个操作步骤: 1.调用socket函数创建一个TCP用的流式套接字 2.调用bind函数将服务器的本地地址与前面创建的套接字绑定 3.调用listen函数监听新创建的套接字,等待客户端发起的连接请求 4.服务器进程调用accept函数进入阻塞状态,知道有客户进程调用connect函数建 立连接 5.当连接建立后,服务器调用read_stream函数读取客户端的请求 6.处理完数据后,服务器调用write函数向客户端发送应答 <!-------------- 这就是活生生的socket通信啊 ---------------> 下面从PHP源码来看这个过程: (以下代码我只保留了关键部分,完整代码请自行查看PHP源码) 1.socket的创建、绑定和监听(在源码的sapi/cgi/fastcgi.c中) /* Create, bind socket and start listen on it */ if ((listen_socket = socket(sa.sa.sa_family, SOCK_STREAM, 0)) = 0) { SG(server_context) = (void *) &request; init_request_info(TSRMLS_C); CG(interactive) = 0; } } 3.调用read函数读取客户端请求: static int fcgi_read_request(fcgi_request *req) { fcgi_header hdr; int len, padding; unsigned char buf[FCGI_MAX_LENGTH+8]; req->keep = 0; req->closed = 0; req->in_len = 0; req->out_hdr = NULL; req->out_pos = req->out_buf; req->has_env = 1; /*调用sage_read读取fcgi_request类型的数据req*/ if (safe_read(req, &hdr, sizeof(fcgi_header)) != sizeof(fcgi_header) || hdr.version fd >= 0) { if (!req->closed) { ret = fcgi_flush(req, 1); req->closed = 1; } fcgi_close(req, force_close, 1); } return ret; } 如上,当socket处于打开状态(reg->fd >= 0),并且请求未关闭,则会将执行后的结果刷到客户端,并将请求的关闭设置为真。 将数据刷到客户端的程序调用的是fcgi_flush函数。在此函数中,关键是在于答应头的构造和写操作。 程序的写操作是调用的safe_write函数,而safe_write函数中对于最终的写操作针对win和linux环境做了区分,在Win32下,如果是TCP连接则用send函数,如果是非TCP则和非win环境一样使用write函数。如下代码: static inline ssize_t safe_write(fcgi_request *req, const void *buf, size_t count) { int ret; size_t n = 0; do { errno = 0; #ifdef _WIN32 /*win32环境*/ if (!req->tcp) { /*非TCP连接,调用write函数*/ ret = write(req->fd, ((char*)buf)+n, count-n); } else { /*TCP连接,调用send函数*/ ret = send(req->fd, ((char*)buf)+n, count-n, 0); if (ret fd, ((char*)buf)+n, count-n); #endif if (ret > 0) { n += ret; } else if (ret <br> 
How does PHP identify a user's session?May 01, 2025 am 12:23 AMPHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.
What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AMThe security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.
Where are PHP session files stored by default?May 01, 2025 am 12:15 AMPHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita
How do you retrieve data from a PHP session?May 01, 2025 am 12:11 AMToretrievedatafromaPHPsession,startthesessionwithsession_start()andaccessvariablesinthe$_SESSIONarray.Forexample:1)Startthesession:session_start().2)Retrievedata:$username=$_SESSION['username'];echo"Welcome,".$username;.Sessionsareserver-si
How can you use sessions to implement a shopping cart?May 01, 2025 am 12:10 AMThe steps to build an efficient shopping cart system using sessions include: 1) Understand the definition and function of the session. The session is a server-side storage mechanism used to maintain user status across requests; 2) Implement basic session management, such as adding products to the shopping cart; 3) Expand to advanced usage, supporting product quantity management and deletion; 4) Optimize performance and security, by persisting session data and using secure session identifiers.
How do you create and use an interface in PHP?Apr 30, 2025 pm 03:40 PMThe article explains how to create, implement, and use interfaces in PHP, focusing on their benefits for code organization and maintainability.
What is the difference between crypt() and password_hash()?Apr 30, 2025 pm 03:39 PMThe article discusses the differences between crypt() and password_hash() in PHP for password hashing, focusing on their implementation, security, and suitability for modern web applications.
How can you prevent Cross-Site Scripting (XSS) in PHP?Apr 30, 2025 pm 03:38 PMArticle discusses preventing Cross-Site Scripting (XSS) in PHP through input validation, output encoding, and using tools like OWASP ESAPI and HTML Purifier.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SublimeText3 English version
Recommended: Win version, supports code prompts!
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
