Home > Article > Backend Development > Detailed introduction to the use of Session in PHP (1)_PHP Tutorial
Compared with Cookie in PHP development, session is a session stored on the server side, which is relatively safe and does not have a storage length limit like Cookie. The following is an introduction to Session.
Session and Cookie in php
Compared with Cookie in PHP development, session is a session stored on the server side, which is relatively safe and does not have storage like Cookie. Length limit, this article briefly introduces the use of session.
Since the Session is stored on the server side in the form of a text file, there is no fear of the client modifying the Session content. In fact, in the session file on the server side, PHP automatically modifies the permissions of the session file, retaining only system read and write permissions, and cannot be modified through ftp, so it is much safer.
For cookies, assuming we want to verify whether the user is logged in, we must save the username and password (possibly an md5 encrypted string) in the cookie and verify it every time the page is requested. If the username and password are stored in the database, a database query must be executed every time, causing unnecessary burden on the database. Because we can't do just one verification. Why? Because the information in the client cookie may be modified. If you store the $admin variable to indicate whether the user is logged in, when $admin is true, it means logged in, and when it is false, it means not logged in. After passing the verification for the first time, store $admin equal to true in the cookie, and there will be no need to verify next time. Okay, is this right? Wrong. If someone forges a $admin variable with a value of true, doesn't that mean he or she will immediately gain administrative rights? It's very unsafe.
The Session is different. The Session is stored on the server side. Remote users cannot modify the contents of the session file. Therefore, we can simply store a $admin variable to determine whether to log in. Set $admin after the first verification is passed. If the value is true, then determine whether the value is true. If not, go to the login interface, which can reduce a lot of database operations. And it can reduce the insecurity of passing the password every time to verify the cookie (session verification only needs to be passed once, if you do not use the SSL security protocol). Even if the password is md5 encrypted, it can be easily intercepted.
Of course, there are many advantages to using session, such as easy control and user-defined storage (stored in the database). I won’t say much more here.
Does the session need to be set in php.ini? Generally not required, because not everyone has the permission to modify PHP.ini. The default storage path of the session is the system temporary folder of the server. We can Customizations are stored in their own folders, which I will introduce later.
How to create a Session in Php
Start by introducing how to create a session. Very simple, really.
Start the session and create a $admin variable:
<ol class="dp-c"> <li class="alt"><span><span class="comment">// 启动 session session_start(); </span><span> </span></span></li> <li> <span class="comment">// 声明一个名为 admin 的变量,并赋空值。 </span><span> </span> </li> <li class="alt"> <span class="vars">$_session</span><span>[</span><span class="string">"admin"</span><span>] = null; </span> </li> <li><span>?> </span></li> </ol>
If you use Session, or the PHP file wants to call the Session variable, you must start it before calling the Session , use the session_start() function. You don’t need to set anything else, PHP automatically creates the session file.
After executing this program, we can go to the system temporary folder to find the session file. The general file name is in the form: sess_4c83638b3b0dbf65583181c2f89168ec, followed by a 32-bit encoded random string. Open it with an editor and take a look at its contents:
<ol class="dp-c"><li class="alt"><span><span>admin|N; </span></span></li></ol>
1