The default session timeout in PHP is 30 minutes, but a session sometimes times out before the 30 minutes are up, which is inconvenient for many operations. Let's take a look at how to solve the 30-minute timeout problem.
First answer
The most common answer is: set the session expiration time, that is, session.gc_maxlifetime. This answer is incorrect for the following reasons:
1. First of all, PHP runs the session gc only with a certain probability, controlled by session.gc_probability and session.gc_divisor (for an introduction, see "A Small-Probability Notice from Session GC" in In-depth Understanding of PHP Principles). Their default values are 1 and 100 respectively, which means there is a 1% chance that PHP will run the session gc when a session is started. There is no guarantee that the session will expire in 30 minutes.
2. What about setting a high cleanup probability? Still inappropriate. Why? Because PHP calls stat on the session file and uses its modification time to determine whether it has expired. Raising the probability, firstly, reduces performance. Secondly, PHP uses a single file to save all the session variables belonging to one session. Suppose I set a session variable a=1 5 minutes ago and set a session variable b=2 5 minutes later. The modification time of the session file is then the moment b was added, so a cannot be cleared at 30 minutes. There is also the third reason below.
3. By default, PHP (taking Linux as an example) uses /tmp as the storage directory for sessions, and the manual has the following description:
Note: If different scripts have different session.gc_maxlifetime values but share the same place to store session data, the script with the smallest value will clean up the data. In this case, use this directive together with session.save_path.
That is to say, if two applications do not specify their own independent save_path, and one sets the expiration time to 2 minutes (call it A) while the other sets it to 30 minutes (call it B), then every time A's session gc runs, the session files belonging to application B are deleted as well.
So, the first answer is not "completely strictly" correct.
The second answer
Another common answer is: set the expiration time of the cookie that carries the session ID, that is, session.cookie_lifetime. This answer is also incorrect for the following reasons:
This expiration is only cookie expiration. Consider the difference between a cookie and a session: session expiration is enforced by the server, while cookie expiration is enforced by the client (the browser). Even if you set a cookie expiration, it only ensures that a standards-compliant browser will not send the cookie (containing the session ID) after it expires; a request constructed by hand can still use the value of this session ID.
The third answer
Use memcache, redis, okey, etc. This is a correct answer. However, the questioner will obviously ask next: what if you can use only PHP?
The fourth answer
Of course, the interview question is not meant to trip you up, but to test the thoroughness of your thinking. Along the way I will point out these pitfalls, so generally speaking, the approach that fits the question is:
1. Set the cookie expiration time to 30 minutes, and set the session lifetime to 30 minutes.
2. Add a timestamp to each session value yourself.
3. On each access, check the timestamp.
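The three steps above as an added PHP example (not code from the original article); the helper names strict_session_start, session_put and session_get, the constant SESSION_TTL and the demo directory are assumptions made for illustration. Each value carries its own timestamp, so expiry no longer depends on the session file's modification time, the gc probability or the cookie.

```php
<?php
// Added example, not from the original article. All names are illustrative.
const SESSION_TTL = 1800; // 30 minutes, in seconds

// Step 1: cookie and gc lifetime both 30 minutes, plus a private save_path so
// another application's shorter gc_maxlifetime cannot delete these files.
function strict_session_start(string $savePath): void
{
    ini_set('session.save_path', $savePath);
    ini_set('session.gc_maxlifetime', (string) SESSION_TTL);
    ini_set('session.cookie_lifetime', (string) SESSION_TTL);
    session_start();
}

// Step 2: store every value together with the time it was written.
function session_put(string $key, $value, ?int $now = null): void
{
    $_SESSION[$key] = ['value' => $value, 'ts' => $now ?? time()];
}

// Step 3: check the timestamp on every read; the server enforces expiry even
// if gc never ran or a client replays an old session ID.
function session_get(string $key, ?int $now = null)
{
    $now = $now ?? time();
    $entry = $_SESSION[$key] ?? null;
    if (!is_array($entry) || !isset($entry['ts']) || !array_key_exists('value', $entry)) {
        return null; // missing, or not written through session_put()
    }
    if ($now - $entry['ts'] >= SESSION_TTL) {
        unset($_SESSION[$key]); // expired: drop it, whatever the file mtime says
        return null;
    }
    return $entry['value'];
}

// CLI demo with constructed timestamps: a is set first, b ten minutes later.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/strict_session_demo'; // hypothetical directory
    if (!is_dir($dir)) {
        mkdir($dir, 0700, true);
    }
    strict_session_start($dir);
    $t0 = 1700000000; // constructed start time
    session_put('a', 1, $t0);
    session_put('b', 2, $t0 + 600);
    var_dump(session_get('a', $t0 + 1799)); // a is 1799 s old
    var_dump(session_get('a', $t0 + 1800)); // a has reached 30 minutes
    var_dump(session_get('b', $t0 + 1800)); // b is only 1200 s old
}
```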
Foreign website reference
session.gc_maxlifetime
session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up. Garbage collection may occur during session start (depending on session.gc_probability and session.gc_divisor).
Note:
If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.
Note: If you are using the default file-based session handler, your filesystem must keep track of access times (atime). Windows FAT does not so you will have to come up with another way to handle garbage collecting your session if you are stuck with a FAT filesystem or any other filesystem where atime tracking is not available. Since PHP 4.2.3 it has used mtime (modified date) instead of atime. So, you won't have problems with filesystems where atime tracking is not available.
session.referer_check string
session.referer_check contains the substring you want to check each HTTP Referer for. If the Referer was sent by the client and the substring was not found, the embedded session id will be marked as invalid. Defaults to the empty string.
session.entropy_file string
session.entropy_file gives a path to an external resource (file) which will be used as an additional entropy source in the session id creation process. Examples are /dev/random or /dev/urandom which are available on many Unix systems. This feature is supported on Windows since PHP 5.3.3. Setting session.entropy_length to a non zero value will make PHP use the Windows Random API as entropy source.
session.entropy_length integer
session.entropy_length specifies the number of bytes which will be read from the file specified above. Defaults to 0 (disabled).
session.use_cookies boolean
PHP Principles: A Small-Probability Notice from Session GC
On Ubuntu/Debian, if PHP was installed with apt, there is a small chance of running into this notice when using sessions.
PHP Notice: session_start(): ps_files_cleanup_dir:
opendir(/var/lib/php5) failed: Permission denied (13)
in /home/laruence/www/htdocs/index.php on line 22
This is because in PHP, when file_handler is used as the session save handler, there is a certain probability that the session GC process runs on every session_start.
