Backend DevelopmentPHP TutorialIn-depth analysis of whether Session must rely on Cookie_PHP tutorialIn-depth analysis of whether Session must rely on Cookie_PHP tutorial
The session in php can use the client's cookie by default (to distinguish it from cookies in the ordinary sense, I call it session cookie, and cookies in the ordinary sense are cookies) to save the session id, but in php Can the session only use session cookies?
Of course not, otherwise why bother to create a session? Why not just use cookies directly. One of the great advantages of session is that when the client's cookie is disabled, the session id will be automatically attached to the URL, so that the session id can be used Can remember session variables.
I will write two files below to confirm. First, disable cookies in the browser.
//The file name is test1.php
session_start();
session_register("url");
$url="test2. php";
echo "goto test2.php";
?>
// The file name is test2.php
session_start();
if (session_is_registered("url")) {
echo "congratulations.";
$url="test1.php";
echo "goto test1.php";
} else
echo "failed.";
?>
Now Enter "http://localhost/test1.php" in the browser, move the mouse over the link and look at the address on the status bar. It is not simply "http://localhost/test2.php", but this Format: "http://localhost/test2.php?phpsessid=6e3610749f7ded3784bc4a4dd10f879b".
You can also view the html source file, which is in this form:
goto test2.php a>
So this is entirely due to PHP and has nothing to do with the browser, which means that the session is valid no matter what browser you use, not only for IE as some people think.
However, our hyperlink statement is output by the echo statement. What will happen if the hyperlink is not included in the PHP tag ?>? Let’s write an example to verify it, put test1. php slightly modified:
session_start();
session_register("url");
$url="test2.php";
echo "goto test2.php";?>
< ;a href="test2.php">(html form)goto test2.php
Enter "http://localhost/test1.php" in the browser, move the mouse to the two links respectively to see if there is any difference? You can see that the two links are exactly the same, and the following will automatically Comes with session id. So you don’t have to worry about links not included in php tags being invalid, php won’t be so stupid.
But when using it, please note that you must first use the session_start() function to tell PHP to start using the session, even if you only have html code in this file, such as:
session_start();?>
gogogo
…………
I remember someone said that this advantage can only be exerted under linux/unix, but I use win2000p+apache1.3.17+php4.0.4pl1, php is the apache module mode, but it still works. On the contrary, I switched When I went to Linux for testing, it didn't work. In fact, an option during compilation --enable-trans-sid controls whether this function is useful. When compiling according to PHP default, this function is not turned on. Just Just add it when recompiling. My configuration is apache1.3.17+php4.0.4pl1, and php is in apache module mode. After recompiling on Linux, the test with netscape navigator4.7 can pass (this further proves that it has nothing to do with the browser) ).
Session alone cannot be used across windows. Even if you enable cookies, when you have a legal session id in a window (recorded in the session cookie, not in the URL), open a new window and enter the same window. When you open the page, you will have a new session id, which will not affect the previous window.
If you want to use the same session id across windows, you can only specify the session id after the url. That is to say, if you copy the url of the window with session id, in the newly opened window Paste it in and still use it. Knowing the principle of session id, it is not difficult to implement cross-window session. You can combine cookie with session. First get the current legal session id, and then record it in In the cookie, the current session id can be obtained by reading the cookie in other windows.
How does PHP identify a user's session?May 01, 2025 am 12:23 AMPHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.
What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AMThe security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.
Where are PHP session files stored by default?May 01, 2025 am 12:15 AMPHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita
How do you retrieve data from a PHP session?May 01, 2025 am 12:11 AMToretrievedatafromaPHPsession,startthesessionwithsession_start()andaccessvariablesinthe$_SESSIONarray.Forexample:1)Startthesession:session_start().2)Retrievedata:$username=$_SESSION['username'];echo"Welcome,".$username;.Sessionsareserver-si
How can you use sessions to implement a shopping cart?May 01, 2025 am 12:10 AMThe steps to build an efficient shopping cart system using sessions include: 1) Understand the definition and function of the session. The session is a server-side storage mechanism used to maintain user status across requests; 2) Implement basic session management, such as adding products to the shopping cart; 3) Expand to advanced usage, supporting product quantity management and deletion; 4) Optimize performance and security, by persisting session data and using secure session identifiers.
How do you create and use an interface in PHP?Apr 30, 2025 pm 03:40 PMThe article explains how to create, implement, and use interfaces in PHP, focusing on their benefits for code organization and maintainability.
What is the difference between crypt() and password_hash()?Apr 30, 2025 pm 03:39 PMThe article discusses the differences between crypt() and password_hash() in PHP for password hashing, focusing on their implementation, security, and suitability for modern web applications.
How can you prevent Cross-Site Scripting (XSS) in PHP?Apr 30, 2025 pm 03:38 PMArticle discusses preventing Cross-Site Scripting (XSS) in PHP through input validation, output encoding, and using tools like OWASP ESAPI and HTML Purifier.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 English version
Recommended: Win version, supports code prompts!
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
Dreamweaver CS6
Visual web development tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
