Home > Article > Backend Development > Detailed explanation of PHP session storage method_PHP tutorial
Detailed explanation of PHP session storage method_PHP tutorial
- WBOYOriginal
- 2016-07-20 11:17:55917browse
First confirm whether the session is automatically opened or whether it needs to be opened manually through session_start():
; Specifies whether the session module automatically starts a session when the request starts. Default is 0 (do not start)
; Initialize session on request startup.
; http://php.net/session.auto-start
session.auto_start = 0
On the client side, sessions can be stored in cookies or retrieved via URL parameters. Dependent on server configuration:
; Specifies whether to use a cookie on the client to store the session ID. Default is 1 (enabled)
; Whether to use cookies.
; http://php.net/session.use-cookies
session.use_cookies = 1
; Specifies whether to only use cookies to store session IDs on the client side. . Enabling this setting prevents attacks involving session IDs being passed through URLs.
; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combatting
; session hijacking when not specifying and managing your own session id. It is
; not the end all be all of session hijacking defense, but it's a good start.
; http://php.net/session.use-only-cookies
session.use_only_cookies = 1
If it is confirmed that it is stored in the cookie, you can further configure the configuration of the session stored in the cookie, such as cookie_name, cookie_lifetime, cookie_path, cookie_domain, cookie_secure, cookie_httponly
; Name of the session (used as cookie name).
; http://php.net/session.name
session.name = PHPSESSID
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
; http://php.net/session.cookie-lifetime
session.cookie_lifetime = 0
; The path for which the cookie is valid.
; http://php.net/session.cookie-path
session.cookie_path = /
; The domain for which the cookie is valid.
; http://php.net/session.cookie-domain
session.cookie_domain =
; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
; http://php.net/session.cookie-httponly
session.cookie_httponly =
On the server side, sessions can also be stored in a variety of ways. The default session is stored in a file, and session.save_path is the path to create the storage file.
; Handler used to store/retrieve data.
; http://php.net/session.save-handler
session.save_handler = files
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP
's session functions.
;
; The path can be defined as:
;
; session.save_path = "N;/path"
;
; where N is an integer. Instead of storing all the session files in
; /path, what this will do is use subdirectories N-levels deep, and
; store the session data in those directories. This is useful if you
; or your OS have problems with lots of files in one directory, and is
; a more efficient layout for servers that handle lots of sessions.
;
; NOTE 1: PHP will not create this directory structure automatically.
; You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
; use subdirectories for session storage
;
; The file storage module creates files using mode 600 by default.
; You can change that by using
;
; session.save_path = "N;MODE;/path"
;
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
; http://php.net/session.save-path
;session.save_path = "/tmp"
PHP supports session_set_save_handler to implement custom open, close, read, write, destroy, gc processing functions of the session processor. Common session processors include the use of memory allocation (such as mm, memcache, etc.), which can also be used Database for storage. It can be seen that if the session storage needs to work together with the file system (such as using the database PostgreSQL Session Save Handler or the default file storage files), it may cause the user-customized session processor to lose the session that does not store data. If you use memory allocation storage, you need to consider the issue of session persistent storage.
Next, we will focus on the memcache(d?) session processor.
The Memcache module provides convenient process-oriented and object-oriented interfaces to memcached. Memcached is a resident process cache product produced to reduce the load of data from the database by dynamic web applications.
The Memcache module also provides a session processor (memcache).
For more information about memcached, please see » http://www.memcached.org/.
Memcached is a high-performance distributed memory object caching system, which is usually used to reduce database loading pressure to improve the response speed of dynamic web applications.
This extension uses the API provided by the libmemcached library to interact with the memcached server. It also provides a session handler (memcached). It also provides a session processor (memcached).
More information about libmemcached can be viewed at » http://libmemcached.org/libMemcached.html.
memcache session processor configuration:
session.save_handler = memcache
session.save_path = "tcp://127.0.0.1:11211?persistent=0&weight=1&timeout=1&retry_interval=15,tcp://127.0.0.1:11212?persistent=0&weight=1&timeout=1&retry_interval=15,tcp: //127.0.0.1:11213?persistent=0&weight=1&timeout=1&retry_interval=15,tcp://127.0.0.1:11214?persistent=0&weight=1&timeout=1&retry_interval=15"
The database handler can be implemented using Session PgSQL (this extension is considered unmaintained). You can also use other databases to implement session storage, but you need to customize the handler function function.session-set-save-handler.php. For specific custom processors, see maria at junkies dot jp.