Study notes: Talk about how to use PHP Session_PHP Tutorial-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

Study notes: Talk about how to use PHP Session_PHP Tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 15, 2016 pm 01:28 PM

phpsessionmainintroduceInstructionsworthplacestudyushaveofnotes

There is a lot worth learning about PHP. Here we mainly introduce the use of PHP Session. Compared with Cookie in PHP development, session is a session stored on the server side, which is relatively safe and does not have storage length limit like Cookie. Below we will briefly introduce the use of PHP Session.

Since the Session is stored on the server side in the form of a text file, there is no fear of the client modifying the Session content. In fact, in the session file on the server side, PHP automatically modifies the permissions of the session file, retaining only system read and write permissions, and cannot be modified through ftp, so it is much safer. PHPChina Open Source Community Portal For cookies, assuming we want to verify whether the user is logged in, we must save the user name and password (possibly an md5 encrypted string) in the cookie, and verify it every time the page is requested. If the username and password are stored in the database, a database query must be executed every time, causing unnecessary burden on the database.

Because we cannot do verification only once. Why? Because the information in the client cookie may be modified. If you store the $admin variable to indicate whether the user is logged in, when $admin is true, it means logged in, and when it is false, it means not logged in. After passing the verification for the first time, store $admin equal to true in the cookie, and there will be no need to verify next time. Okay, is this right? Wrong. If someone forges a $admin variable with a value of true, doesn't that mean he or she will immediately gain administrative rights? It's very unsafe.

The Session is different. The Session is stored on the server side. Remote users cannot modify the contents of the session file. Therefore, we can simply store a $admin variable to determine whether to log in. Set $admin after the first verification is passed. If the value is true, then determine whether the value is true. If not, go to the login interface, which can reduce a lot of database operations. And it can reduce the insecurity of passing the password every time to verify the cookie (session verification only needs to be passed once, if you do not use the SSL security protocol). Even if the password is md5 encrypted, it can be easily intercepted.

Of course, there are many advantages to using session, such as easy control and user-defined storage (stored in the database). I won’t say much more here. Does PHP Session need to be set in php.ini? Generally not required, because not everyone has the permission to modify PHP.ini. The default storage path of session is the system temporary folder of the server. We can customize it to be stored in In your own folder, I will introduce this later.

Start introducing how to create a session. Very simple, really. Start the session and create a $admin variable:

<ol class="dp-xml">
<li class="alt"><span><span>// 启动 session  </span></span></li>
<li class=""><span>session_start();  </span></li>
<li class="alt"><span>// 声明一个名为 admin 的变量，并赋空值。  </span></li>
<li class=""><span>$_session["admin"] = null;  </span></li>
<li class="alt">
<span></span><span class="tag"><strong><font color="#006699">?></font></strong></span><span> </span>
</li>
</ol>

If you use Seesion, or the PHP file wants to call the Session variable, you must start it before calling the Session, use the session_start() function . You don’t need to set anything else, PHP automatically creates the session file. After executing this program, we can find the session file in the system temporary folder. Generally, the file name is in the form: sess_4c83638b3b0dbf65583181c2f89168ec, followed by a 32-bit encoded random string. Open it with an editor and take a look at its content:

Generally the content is structured like this:

<ol class="dp-xml">
<li class="alt"><span><span>// 表单提交后...  </span></span></li>
<li class="">
<span>$</span><span class="attribute"><font color="#ff0000">posts</font></span><span> = $_POST;  </span>
</li>
<li class="alt"><span>// 清除一些空白符号  </span></li>
<li class="">
<span>foreach ($posts as $</span><span class="attribute"><font color="#ff0000">key</font></span><span> =</span><span class="tag"><strong><font color="#006699">></font></strong></span><span> $value)  </span>
</li>
<li class="alt"><span>{  </span></li>
<li class=""><span>$posts[$key] = trim($value);  </span></li>
<li class="alt"><span>}  </span></li>
<li class="">
<span>$</span><span class="attribute"><font color="#ff0000">password</font></span><span> = </span><span class="attribute-value"><font color="#0000ff">md5</font></span><span>($posts["password"]);  </span>
</li>
<li class="alt">
<span>$</span><span class="attribute"><font color="#ff0000">username</font></span><span> = $posts["username"];  </span>
</li>
<li class="">
<span>$</span><span class="attribute"><font color="#ff0000">query</font></span><span> = </span><span class="attribute-value"><font color="#0000ff">"SELECT `username` FROM `user` WHERE `password` = '$password'"</font></span><span>;  </span>
</li>
<li class="alt"><span>// 取得查询结果  </span></li>
<li class="">
<span>$</span><span class="attribute"><font color="#ff0000">userInfo</font></span><span> = $DB-</span><span class="tag"><strong><font color="#006699">></font></strong></span><span>getRow($query);  </span>
</li>
<li class="alt"><span>if (!empty($userInfo))  </span></li>
<li class=""><span>{  </span></li>
<li class="alt"><span>if ($userInfo["username"] == $username)  </span></li>
<li class=""><span>{  </span></li>
<li class="alt"><span>// 当验证通过后，启动 session  </span></li>
<li class=""><span>session_start();  </span></li>
<li class="alt"><span>// 注册登陆成功的 admin 变量，并赋值 true  </span></li>
<li class=""><span>$_session["admin"] = true;  </span></li>
<li class="alt"><span>}  </span></li>
<li class=""><span>else  </span></li>
<li class="alt"><span>{  </span></li>
<li class=""><span>die("用户名密码错误");  </span></li>
<li class="alt"><span>}  </span></li>
<li class=""><span>}  </span></li>
<li class="alt"><span>else  </span></li>
<li class=""><span>{  </span></li>
<li class="alt"><span>die("用户名密码错误");  </span></li>
<li class=""><span>}  </span></li>
<li class="alt"><span>我们在需要用户验证的页面启动 session，判断是否登陆：  </span></li>
<li class=""><span>// 防止全局变量造成安全隐患  </span></li>
<li class="alt">
<span>$</span><span class="attribute"><font color="#ff0000">admin</font></span><span> = </span><span class="attribute-value"><font color="#0000ff">false</font></span><span>;  </span>
</li>
<li class=""><span>// 启动会话，这步必不可少  </span></li>
<li class="alt"><span>session_start();  </span></li>
<li class=""><span>// 判断是否登陆  </span></li>
<li class="alt"><span>if (isset($_SESSION["admin"]) && $_session["admin"] === true)  </span></li>
<li class=""><span>{  </span></li>
<li class="alt"><span>echo "您已经成功登陆";  </span></li>
<li class=""><span>}  </span></li>
<li class="alt"><span>else  </span></li>
<li class=""><span>{  </span></li>
<li class="alt"><span>// 验证失败，将 $_session["admin"] 置为 false  </span></li>
<li class=""><span>$_session["admin"] = false;  </span></li>
<li class="alt"><span>die("您无权访问");  </span></li>
<li class=""><span>}  </span></li>
<li class="alt">
<span></span><span class="tag"><strong><font color="#006699">?></font></strong></span><span> </span>
</li>
</ol>

Is it very simple? Think of $_session as It can be stored in an array on the server side. Each variable we register is a key of the array, which is no different from using an array.

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

如何通过编写代码来学习 PHP8 中的文件操作技巧Sep 12, 2023 pm 04:25 PM

如何通过编写代码来学习PHP8中的文件操作技巧PHP是一种广泛应用于Web开发的脚本语言，能够方便地对文件进行操作，如读写文件、创建目录等。掌握PHP的文件操作技巧对于开发人员来说是非常重要的。本文将介绍如何通过编写代码来学习PHP8中的文件操作技巧。第一步：搭建PHP开发环境在学习PHP的文件操作技巧之前，我们首先需要搭建一个P

从零开始学Spring CloudJun 22, 2023 am 08:11 AM

作为一名Java开发者，学习和使用Spring框架已经是一项必不可少的技能。而随着云计算和微服务的盛行，学习和使用SpringCloud成为了另一个必须要掌握的技能。SpringCloud是一个基于SpringBoot的用于快速构建分布式系统的开发工具集。它为开发者提供了一系列的组件，包括服务注册与发现、配置中心、负载均衡和断路器等，使得开发者在构建微

从零开始学习Django框架：实用教程和示例Sep 28, 2023 am 08:42 AM

从零开始学习Django框架：实用教程和示例Django是一种流行的PythonWeb应用程序框架，它简化了网站的开发过程。它提供了一套强大的工具和库，帮助开发者构建高效、可扩展和安全的Web应用程序。对于初学者来说，学习Django可能会有些困难，但是通过一些实用的教程和示例，你可以快速上手并了解这个框架的核心概念和用法。本文将带你逐步学习Django框

轻松学会win7怎么还原系统Jul 09, 2023 pm 07:25 PM

win7系统自带有备份还原系统的功能，如果之前有给win7系统备份的话，当电脑出现系统故障的时候，我们可以尝试通过win7还原系统修复。那么win7怎么还原系统呢？下面小编就教下大家如何还原win7系统。具体的步骤如下：1、开机在进入Windows系统启动画面之前按下F8键，然后出现系统启动菜单，选择安全模式登陆即可进入。2、进入安全模式之后，点击“开始”→“所有程序”→“附件”→“系统工具”→“系统还原”。3、最后只要选择最近手动设置过的还原点以及其他自动的还原点都可以，但是最好下一步之前点击

学习PHP中的PHPUNIT框架Jun 22, 2023 am 09:48 AM

随着Web应用程序的需求越来越高，PHP技术在开发领域中变得越来越重要。在PHP开发方面，测试是一个必要的步骤，它可以帮助开发者确保他们创建的代码在各种情况下都可靠和实用。在PHP中，一个流行的测试框架是PHPUnit。PHPUnit是一个基于Junit的测试框架，其目的是创建高质量、可维护和可重复的代码。下面是一些学习使用PHPUnit框架的基础知识和步骤

分割后门训练的后门防御方法：DBDApr 25, 2023 pm 11:16 PM

香港中文大学（深圳）吴保元教授课题组和浙江大学秦湛教授课题组联合发表了一篇后门防御领域的文章，已顺利被ICLR2022接收。近年来，后门问题受到人们的广泛关注。随着后门攻击的不断提出，提出针对一般化后门攻击的防御方法变得愈加困难。该论文提出了一个基于分割后门训练过程的后门防御方法。本文揭示了后门攻击就是一个将后门投影到特征空间的端到端监督训练方法。在此基础上，本文分割训练过程来避免后门攻击。该方法与其他后门防御方法进行了对比实验，证明了该方法的有效性。收录会议：ICLR2022文章链接：http

我能学习Selenium而不了解Java吗？Sep 11, 2023 pm 07:09 PM

这个问题涉及到许多实际上并不了解核心技术并希望在SeleniumAutomation领域发展职业生涯的专业人士。编码这个术语让非程序员有点害怕，甚至不敢从自动化之类的东西开始。人们认为非程序员无法在自动化方面表现出色，但这只是在头脑中。许多值得和有能力的手动测试人员回避Selenium，只是认为它需要一些特殊技能。Selenium脚本是用多种语言设计的，例如Python、Ruby、C#、JavaScript和Java就是其中之一他们当中就有这样的人。了解了Java的受欢迎程度和未来前景，现在更倾

轻松学会win7如何升级win10系统Jul 15, 2023 am 09:37 AM

随着win10系统的成熟，微软停止win7的更新和支持，越来越多人选择win10系统使用，打算将自己的win7升级win10系统。不过很多小伙伴不知道win7如何升级win10系统，找不到升级的按键。下面小编教大家一个简单的win7升级win10系统的方法。我们可以借助工具轻松实现win7升级安装win10的方法，具体的操作步骤如下：1、先在电脑上下载安装小鱼一键重装系统工具并打开，关闭电脑的杀毒软件，备份c盘重要资料。然后选择需要安装的win10系统点击安装此系统。2、这个界面选择想要安装的软

See all articles