Study notes: Talk about how to use PHP Session_PHP Tutorial-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

Study notes: Talk about how to use PHP Session_PHP Tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 15, 2016 pm 01:28 PM

phpsessionmainintroduceInstructionsworthplacestudyushaveofnotes

There is a lot worth learning about PHP. Here we mainly introduce the use of PHP Session. Compared with Cookie in PHP development, session is a session stored on the server side, which is relatively safe and does not have storage length limit like Cookie. Below we will briefly introduce the use of PHP Session.

Since the Session is stored on the server side in the form of a text file, there is no fear of the client modifying the Session content. In fact, in the session file on the server side, PHP automatically modifies the permissions of the session file, retaining only system read and write permissions, and cannot be modified through ftp, so it is much safer. PHPChina Open Source Community Portal For cookies, assuming we want to verify whether the user is logged in, we must save the user name and password (possibly an md5 encrypted string) in the cookie, and verify it every time the page is requested. If the username and password are stored in the database, a database query must be executed every time, causing unnecessary burden on the database.

Because we cannot do verification only once. Why? Because the information in the client cookie may be modified. If you store the $admin variable to indicate whether the user is logged in, when $admin is true, it means logged in, and when it is false, it means not logged in. After passing the verification for the first time, store $admin equal to true in the cookie, and there will be no need to verify next time. Okay, is this right? Wrong. If someone forges a $admin variable with a value of true, doesn't that mean he or she will immediately gain administrative rights? It's very unsafe.

The Session is different. The Session is stored on the server side. Remote users cannot modify the contents of the session file. Therefore, we can simply store a $admin variable to determine whether to log in. Set $admin after the first verification is passed. If the value is true, then determine whether the value is true. If not, go to the login interface, which can reduce a lot of database operations. And it can reduce the insecurity of passing the password every time to verify the cookie (session verification only needs to be passed once, if you do not use the SSL security protocol). Even if the password is md5 encrypted, it can be easily intercepted.

Of course, there are many advantages to using session, such as easy control and user-defined storage (stored in the database). I won’t say much more here. Does PHP Session need to be set in php.ini? Generally not required, because not everyone has the permission to modify PHP.ini. The default storage path of session is the system temporary folder of the server. We can customize it to be stored in In your own folder, I will introduce this later.

Start introducing how to create a session. Very simple, really. Start the session and create a $admin variable:

<ol class="dp-xml">
<li class="alt"><span><span>// 启动 session  </span></span></li>
<li class=""><span>session_start();  </span></li>
<li class="alt"><span>// 声明一个名为 admin 的变量，并赋空值。  </span></li>
<li class=""><span>$_session["admin"] = null;  </span></li>
<li class="alt">
<span></span><span class="tag"><strong><font color="#006699">?></font></strong></span><span> </span>
</li>
</ol>

If you use Seesion, or the PHP file wants to call the Session variable, you must start it before calling the Session, use the session_start() function . You don’t need to set anything else, PHP automatically creates the session file. After executing this program, we can find the session file in the system temporary folder. Generally, the file name is in the form: sess_4c83638b3b0dbf65583181c2f89168ec, followed by a 32-bit encoded random string. Open it with an editor and take a look at its content:

Generally the content is structured like this:

<ol class="dp-xml">
<li class="alt"><span><span>// 表单提交后...  </span></span></li>
<li class="">
<span>$</span><span class="attribute"><font color="#ff0000">posts</font></span><span> = $_POST;  </span>
</li>
<li class="alt"><span>// 清除一些空白符号  </span></li>
<li class="">
<span>foreach ($posts as $</span><span class="attribute"><font color="#ff0000">key</font></span><span> =</span><span class="tag"><strong><font color="#006699">></font></strong></span><span> $value)  </span>
</li>
<li class="alt"><span>{  </span></li>
<li class=""><span>$posts[$key] = trim($value);  </span></li>
<li class="alt"><span>}  </span></li>
<li class="">
<span>$</span><span class="attribute"><font color="#ff0000">password</font></span><span> = </span><span class="attribute-value"><font color="#0000ff">md5</font></span><span>($posts["password"]);  </span>
</li>
<li class="alt">
<span>$</span><span class="attribute"><font color="#ff0000">username</font></span><span> = $posts["username"];  </span>
</li>
<li class="">
<span>$</span><span class="attribute"><font color="#ff0000">query</font></span><span> = </span><span class="attribute-value"><font color="#0000ff">"SELECT `username` FROM `user` WHERE `password` = '$password'"</font></span><span>;  </span>
</li>
<li class="alt"><span>// 取得查询结果  </span></li>
<li class="">
<span>$</span><span class="attribute"><font color="#ff0000">userInfo</font></span><span> = $DB-</span><span class="tag"><strong><font color="#006699">></font></strong></span><span>getRow($query);  </span>
</li>
<li class="alt"><span>if (!empty($userInfo))  </span></li>
<li class=""><span>{  </span></li>
<li class="alt"><span>if ($userInfo["username"] == $username)  </span></li>
<li class=""><span>{  </span></li>
<li class="alt"><span>// 当验证通过后，启动 session  </span></li>
<li class=""><span>session_start();  </span></li>
<li class="alt"><span>// 注册登陆成功的 admin 变量，并赋值 true  </span></li>
<li class=""><span>$_session["admin"] = true;  </span></li>
<li class="alt"><span>}  </span></li>
<li class=""><span>else  </span></li>
<li class="alt"><span>{  </span></li>
<li class=""><span>die("用户名密码错误");  </span></li>
<li class="alt"><span>}  </span></li>
<li class=""><span>}  </span></li>
<li class="alt"><span>else  </span></li>
<li class=""><span>{  </span></li>
<li class="alt"><span>die("用户名密码错误");  </span></li>
<li class=""><span>}  </span></li>
<li class="alt"><span>我们在需要用户验证的页面启动 session，判断是否登陆：  </span></li>
<li class=""><span>// 防止全局变量造成安全隐患  </span></li>
<li class="alt">
<span>$</span><span class="attribute"><font color="#ff0000">admin</font></span><span> = </span><span class="attribute-value"><font color="#0000ff">false</font></span><span>;  </span>
</li>
<li class=""><span>// 启动会话，这步必不可少  </span></li>
<li class="alt"><span>session_start();  </span></li>
<li class=""><span>// 判断是否登陆  </span></li>
<li class="alt"><span>if (isset($_SESSION["admin"]) && $_session["admin"] === true)  </span></li>
<li class=""><span>{  </span></li>
<li class="alt"><span>echo "您已经成功登陆";  </span></li>
<li class=""><span>}  </span></li>
<li class="alt"><span>else  </span></li>
<li class=""><span>{  </span></li>
<li class="alt"><span>// 验证失败，将 $_session["admin"] 置为 false  </span></li>
<li class=""><span>$_session["admin"] = false;  </span></li>
<li class="alt"><span>die("您无权访问");  </span></li>
<li class=""><span>}  </span></li>
<li class="alt">
<span></span><span class="tag"><strong><font color="#006699">?></font></strong></span><span> </span>
</li>
</ol>

Is it very simple? Think of $_session as It can be stored in an array on the server side. Each variable we register is a key of the array, which is no different from using an array.

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How can you check if a PHP session has already started?Apr 30, 2025 am 12:20 AM

In PHP, you can use session_status() or session_id() to check whether the session has started. 1) Use the session_status() function. If PHP_SESSION_ACTIVE is returned, the session has been started. 2) Use the session_id() function, if a non-empty string is returned, the session has been started. Both methods can effectively check the session state, and choosing which method to use depends on the PHP version and personal preferences.

Describe a scenario where using sessions is essential in a web application.Apr 30, 2025 am 12:16 AM

Sessionsarevitalinwebapplications,especiallyfore-commerceplatforms.Theymaintainuserdataacrossrequests,crucialforshoppingcarts,authentication,andpersonalization.InFlask,sessionscanbeimplementedusingsimplecodetomanageuserloginsanddatapersistence.

How can you manage concurrent session access in PHP?Apr 30, 2025 am 12:11 AM

Managing concurrent session access in PHP can be done by the following methods: 1. Use the database to store session data, 2. Use Redis or Memcached, 3. Implement a session locking strategy. These methods help ensure data consistency and improve concurrency performance.

What are the limitations of using PHP sessions?Apr 30, 2025 am 12:04 AM

PHPsessionshaveseverallimitations:1)Storageconstraintscanleadtoperformanceissues;2)Securityvulnerabilitieslikesessionfixationattacksexist;3)Scalabilityischallengingduetoserver-specificstorage;4)Sessionexpirationmanagementcanbeproblematic;5)Datapersis

Explain how load balancing affects session management and how to address it.Apr 29, 2025 am 12:42 AM

Load balancing affects session management, but can be resolved with session replication, session stickiness, and centralized session storage. 1. Session Replication Copy session data between servers. 2. Session stickiness directs user requests to the same server. 3. Centralized session storage uses independent servers such as Redis to store session data to ensure data sharing.

Explain the concept of session locking.Apr 29, 2025 am 12:39 AM

Sessionlockingisatechniqueusedtoensureauser'ssessionremainsexclusivetooneuseratatime.Itiscrucialforpreventingdatacorruptionandsecuritybreachesinmulti-userapplications.Sessionlockingisimplementedusingserver-sidelockingmechanisms,suchasReentrantLockinJ

Are there any alternatives to PHP sessions?Apr 29, 2025 am 12:36 AM

Alternatives to PHP sessions include Cookies, Token-based Authentication, Database-based Sessions, and Redis/Memcached. 1.Cookies manage sessions by storing data on the client, which is simple but low in security. 2.Token-based Authentication uses tokens to verify users, which is highly secure but requires additional logic. 3.Database-basedSessions stores data in the database, which has good scalability but may affect performance. 4. Redis/Memcached uses distributed cache to improve performance and scalability, but requires additional matching

Define the term 'session hijacking' in the context of PHP.Apr 29, 2025 am 12:33 AM

Sessionhijacking refers to an attacker impersonating a user by obtaining the user's sessionID. Prevention methods include: 1) encrypting communication using HTTPS; 2) verifying the source of the sessionID; 3) using a secure sessionID generation algorithm; 4) regularly updating the sessionID.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks agoByDDD

How to fix KB5055523 fails to install in Windows 11?

2 weeks agoByDDD

InZoi: How To Apply To School And University

4 weeks agoByDDD

How to fix KB5055518 fails to install in Windows 10?

2 weeks agoByDDD

Roblox: Dead Rails – How To Summon And Defeat Nikola Tesla

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.