PHP strictly controls session expiration time_PHP tutorial

php strictly controls the session expiration time

After working for a while, I believe everyone must have encountered a problem:

1. The front-end user automatically disconnected without knowing why.

2. After logging out from the background, all front-end users will also be offline.

3. I want to control my users to automatically go offline after half an hour, but I found that even changing the configuration file doesn’t work.

All the above problems were encountered by me recently. Later, I found out through inquiries: PHP’s session mechanism is controlled by several parameters at the same time. I won’t write down the specific ones. They are a probability and a maximum expiration time. , there is also a session storage path. In php.ini we can see that the default expiration time of PHP session is 24 minutes, which means that if we do not operate the page for 24 minutes, the session will expire. Of course, this is Ideally, after 24 minutes, PHP will initiate a session recycling mechanism. This mechanism is used to detect whether the change time of the session file in the default storage directory is 24 minutes ago. If so, delete the session. Of course, this is also an ideal state. This is the probability mentioned earlier. The session recycling mechanism is triggered based on probability. That is to say, even if your session is a file 24 minutes ago, if the recycling mechanism is triggered, your session will still not expire. This is of course also This is not what we want. In order to solve this problem, the third parameter I mentioned earlier appears, which is the storage path of the session. If you do not enable session.save_path inside php.ini, then the session will not have a file. Generated, so in order to control the session more effectively, we open it and fill in a path, or use the session_save_path("...") function in the file to define the storage path of this session. Another important point is , that is, if the session is stored in a path defined by ourselves, the seesion recycling mechanism will not work. So we can only control the expiration time of the session ourselves.

The following is an expiration processing class about session that I wrote based on my understanding

<?php 
class Session{
private $savePath;//存储session的路径,必须是绝对路径
private $time;//存储session的过期时间,单位是秒
private $sessionName;//session的名字
private $sessionValue;//session的值

public function __construct($savePath)
{
//将session存入指定的目录
$this->savePath = $savePath;
            //注意:这个一定要写在session_start前面
session_save_path($this->savePath); 

session_start();//开启session
if(!is_dir($this->savePath))
{
                //默认为最大的权限 0777
mkdir($this->savePath) or die(&#39;系统错误!&#39;);
}
}

//创建session  一共三个参数,
               // $name->session名字 
               // $val->session值 
               // $time->过期时间,默认为30分钟
public function setSession($name,$val,$time=1800)
{
$this->sessionName  = $name;
$this->sessionValue  = $val;
$this->time       = $time;
if(!isset($_SESSION[$this->sessionName]))
{
if(is_array($this->sessionValue))
{
foreach($this->sessionValue as $key=>$val)
{
$_SESSION[$this->sessionName][$key] = $val;
}
}
else
{
$_SESSION[$this->sessionName][&#39;val&#39;]   = $this->sessionValue;
}
$_SESSION[$this->sessionName]["startTime"] = time();
}
//这时候说明session已经存在,那么我们判断他是否过期,如果过期,删除session
else if(isset($_SESSION[$this->sessionName]["startTime"]) && time()-$_SESSION[$this->sessionName][&#39;startTime&#39;]>=$this->time)
{
unset($_SESSION[$this->sessionName]);
}
}
}
 ?>

Through this class we can achieve several purposes:

              1. We can clearly control the expiration time of the session.

                                                                                                                                                                                                               When I logged out as a user, I usually wrote session_destroy() like this; or unset($_SESSION); but I don’t know that this clears all sessions, so we will After the previous user exited, our own session was also deleted.

                3. Users will not be disconnected for no reason, because every step is now transparent to us.

http://www.bkjia.com/PHPjc/1074128.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/1074128.htmlTechArticlephp Strictly control the expiration time of session After working for a while, I believe everyone must have encountered a problem: 1. The front-end user automatically disconnected for some reason. 2. After logging out from the back-end...