The difference and relationship between cookies and sessions_PHP tutorial

Share an article with a detailed explanation of the difference between cookies and sessions. Friends in need can refer to it. It is a very valuable article. Cookies are often used to identify users. Cookies are small files that a server leaves on a user's computer. Whenever the same computer requests a page through the browser, it also sends the cookie. With PHP, you can create and retrieve cookie values. PHP uses the SetCookie function to set cookies. The SetCookie function defines a Cookie and appends it to the end of the HTTP header. The prototype of the SetCookie function is as follows:
int SetCookie(string name, string value, int expire, string path, string domain, int secure); Parameter description: cookie name, cookie value, expiration time (int), valid path, limited domain name, https delivery is valid

The code is as follows

Copy code

代码如下	复制代码
注意：当前设置的Cookie不是立即生效的，而是要等到下一个页面时才能看到.这是由于在设置的这个页面里Cookie由服务器传递给客户浏览器，在下一个页面浏览器才能把Cookie从客户的机器里取出传回服务器的原因。

Note: The currently set cookie does not take effect immediately, but will not be visible until the next page. This is because the cookie is passed from the server to the client's browser on the page that is set, and the browser will not be able to see it until the next page. The reason for removing the cookie from the client's machine and sending it back to the server.

Usage example: Normal use: setcookie('name','PHP Huaibei'); With expiry time:
setcookie('name','PHP Huaibei',time()+24*60*60);//1day Cookies are path-oriented and are stored under the current file by default. If the path is not set, cookies under different files are saved in different folders by default, as shown in the figure: By default they are saved in the mytest folder phphuaibei/201111/201111151945348209.png"> 2. Receive and process Cookies The web communication protocol between the client and the server is http. The three commonly used methods for PHP to obtain user data through http are: POST method, GET method and Cookie. The default delivery method of PHP is Cookie, which is also the best method. For example, if you set a cookie named MyCookier, PHP will automatically analyze it from the HTTP header received by the WEB server and form a variable like an ordinary variable named $myCookie. The value of this variable is the cookie. Value 3. Delete Cookies To delete an existing cookie, there are two ways:

1. First, call SetCookie with only the name parameter, then the cookie named this name will be deleted from the related computer; for example: setcookie('name','');
2. Another way is to set the cookie expiration time to time() or time()-1, then the cookie will be deleted (actually invalidated) after the page is browsed. For example: setcookie('name','PHP Huaibei',time()-24*60*60);
   It should be noted that when a cookie is deleted, its value is still valid on the current page.

Notes on using cookies:

1. First of all, it must be set before the content of the HTML file is output (Cookie is part of the HTTP protocol header and is used to transfer information between the browser and the server, so it must be called before any content belonging to the HTML file itself is output. Cookie function.

You can use it on the PHP page first ob_start();//Start code….. ob_end_flush(); //Refresh cache can prevent header prompt error);

1. Different browsers handle cookies differently
2. Cookie restrictions are on the client side. The maximum number of cookies that can be created by a browser is 30, and each cookie cannot exceed 4KB. The total number of cookies that can be set by each WEB site cannot exceed 20.
3. The currently set cookie does not take effect immediately, but will not be visible until the next page

Session Introduction The session mechanism is a server-side mechanism. The server uses a structure similar to a hash table (or a hash table) to save information. Each website visitor will be assigned a unique identifier, that is, a session ID, its storage form is nothing more than two: either passed through the url, or stored in the cookies of the client. Of course, you can also save the Session in the database, which will be safer, but the efficiency will be reduced. The url method The transfer security is definitely too poor. PHP's session mechanism is to set a cookie and save the session ID (Session ID) in the cookie. A session file will be generated on the server side and associated with the user. The web application stores data related to these sessions. , and transferred between pages. PHP related functions There are many functions related to Session in PHP, but these are the few functions we use most: session_start(): Enable the session mechanism and call it at the beginning of the program file that needs to use the session. session_register(): Register session variable session_unregister(): Delete session variables (one by one) session_is_registered(): Determine whether the session variable is registered session_distroy(): Destroy all session variables (all session variables are destroyed, including files) You need to pay attention to the following aspects: 1. The function session_start() must be executed at the beginning of the program, and there cannot be any output content in front of it, otherwise “Warning:Cannot send session cookie - headers already will appear sent" a warning message like this. 2. The function session_register() is used to register relevant variables to be saved in the session. Its usage is as follows: $val = "session value"; session_register("val"); ?> val is the name of the session variable to be registered. Do not add the "$" symbol when registering, just write the variable name. 3. The function session_unregister() has exactly the same usage as the above function, but has the opposite function. The above function is to register session variable, which deletes the specified session variable. 4. The function session_is_registered() is used to determine whether the session variable is registered. 5. The function session_destroy() is mainly used to destroy all session variables when the system logs out and exits. It has no parameters and can be called directly. Configuration of the relationship between Session and PHP.ini 1,session.save_handler = file The method used to read/write back session data, the default is files. It will cause PHP's session management function to use the specified text file to store session data 2,session.save_path = “/xammp/temp/” Specify the directory to save the session file. You can specify another directory. However, the specified directory must have write permissions from the httpd daemon owner (such as apache or www, etc.), otherwise the session data cannot be restored. It can also be written like session.save_path = "N;/path" where N is an integer. This means that not all session files are saved in the same directory, but are scattered in different directories. This is helpful when the server handles a large number of session files. (Note: The directory needs to be created manually) 3,session.auto_start = 0 If this option is enabled, the session will be initialized for each user request.Not recommended, it is better to initialize the session explicitly through session_start(). Above picture: The left side is the session file saved under xammp/tmp/, the content is in PHP serialization format Right side: The first line is echo serialize($_SESSION['name']);//Serialization The second line prints the session value ************************The file name is session-name and the content is in PHP serialized format The difference and relationship between cookie and session

• Storage location:

1. The session is stored on the server location, and the session related configuration can be configured through php.ini
2. Cookies are stored on the client (actually they can be divided into two types:

1. Persistent cookie, the time when the cookie is set, is stored on the hard disk in the form of a file, 2. Session cookie, no cookie time is set, and the life cycle of the cookie is to disappear before closing the browser. Generally, it will not be saved on the hard disk, but on the memory) The relationship between cookie and session As you can see from the picture above: Cookie sent via http header: Cookie <font face="Arial">name=PHP%BB%B4%B1%B1; PHPSESSID=cpt2ah3pi4cu7lo69nfbfllbo7<code><font face="Arial">name=PHP%BB%B4%B1%B1; PHPSESSID=cpt2ah3pi4cu7lo69nfbfllbo7</font> <font face="Arial" size="2">PHPSESSID is an important parameter associated with the server session<code><font face="Arial" size="2">其中PHPSESSID就是关联服务器session的重要参数</font> <font face="Arial" size="2">Look at the session file again: sess_cpt2ah3pi4cu7lo69nfbfllbo7<code><font face="Arial" size="2">再看session文件：sess_cpt2ah3pi4cu7lo69nfbfllbo7</font> <font face="Arial" size="2">The generation format of session_id is: sess_ plus a string of PHPSESSID values<code><font face="Arial" size="2">session_id的生成格式就是：sess_加上一串PHPSESSID的值</font> <font face="Arial" size="2">We can understand it this way: <code><font face="Arial" size="2">我们可以这样理解：</font> When the program needs to create a session for a client's request, the server first checks whether the client's request already contains a session identifier (called session id). If it does, it means that this client has been used before. Once a session is created, the server will retrieve the session and use it according to the session id (if it cannot be retrieved, it will create a new one). If the client request does not include the session id, a session will be created for the client and a session will be generated associated with this session. The session id, the value of the session id should be a string that is neither repeated nor easy to find patterns to counterfeit. This session id will be returned to the client in this response for storage. The method of saving this session ID can use cookies, so that during the interaction process, the browser can automatically send this identification to the server according to the rules. Generally, the name of this cookie is similar to SEEESIONID Configuration related to session and cookie in php.ini 1,session.use_cookie = 1
Whether to use the Cookie method to pass the session id value. The default is 1, which means enabled.
2,session.name = PHPSESSID
Whether the cookie passes sessioin_id or the GET method passes session_id, the key value needs to be used. Their formats are Cookie: sess_name=session_id; and /path.php?sess_name=session_id, where sess_name is specified here.
3,session.use_only_cookies = 0
Indicates that only the session id is passed using the Cookie method. We have said that in addition to cookies, there is also the GET method for passing cookies. The GET method is an unsafe method. When cookies are disabled on the user side, the GET method will be used to pass the session_id. You can use this setting to pass the session_id using the GET method.
4. session.cookie_lifetime = 0, session.cookie_path = / and session.cookie_domain =
If you use the Cookie method to pass session_id, the cookie valid domain, directory and time are specified here. Corresponding to the formal parameters $expire, $path and $domain of the setcookie() function respectively. Among them, cookie_lifetime=0 means that the cookie will not be deleted until the browser is closed. These values ​​can also be modified using the session_set_cookie_params() function.
5,session_name([string $name])
Get or update session_name. If name is passed, it means that the default name PHPSESSID (specified by session.name) is not used, otherwise the current session_name is obtained. Note: If session_name is set, it must be called before session_start() to take effect.
6,session_id([string $id])
Similar to session_name(), but it is a method to read or set session_id. Similarly, if session_id is set, it must be called before session_start() to be effective.
7, session_set_cookie_params() and session_get_cookie_params()
The three php.ini settings of session.cookie_lifetime, session.cookie_path and session.cookie_domain can be reset through session_set_cookie_params(). Session_get_cookie_params() obtains the values ​​of these settings. Summary:

1. The server-side session is more secure than the client-side cookie
2. Session is easily out of sync in a server cluster, but cookies will not

ps: Problems with using cookies to log out this afternoon When exiting use: setcookie('username','',time()-3600);
setcookie('name','',time()-3600);
Theoretically, cookies should be cleared normally. During the test, it was found that the first login and exit were completely normal, but I could not log out after logging in again. The cookie always existed, which was very depressing. I used firebug to check that the original page cache was set, and nginx was used to set the page cache. The reason That is, I found

http://www.bkjia.com/PHPjc/632253.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/632253.htmlTechArticle Share an article with a detailed explanation of the difference between cookies and sessions. Friends in need can refer to it. It is very valuable. of an article. Cookies are often used to identify users. The cookie is the server...