A summary of experience in using SESSION in PHP_PHP Tutorial

When the SESSION session is opened, a cookie that uniquely identifies the session_id of the browser will be sent first (the name is PHPSESSID and can be obtained through session_name()). In the same case as session.save_handler = files, in the specified directory of the server (such as temp) Generate a file without suffix, the name is

Copy the code The code is as follows:

'sess_" + 'session_id';

This completes the basic settings. Then the next time an http request is initiated, the browser will first send all cookie names and values ​​​​under the current domain name, so that the server can read the session file based on the session_id in the cookie without confusing who the session belongs to.

This step is as follows:

SESSION sends a unique cookie variable session_id to the browser. This session_id variable has a name and a value. The variable name (name) defaults to PHPSESSID, and the variable value (value) is a string randomly generated by apach, similar to rvag9m368vim7k8g4v7k2ank70. The session_id usually refers to this unique string rvag9m368vim7k8g4v7k2ank70.

Specifically, this is under the HTTP response header of FF:


session_start();
The above sentence in the program completes the above function. If you browse If the server does not send a PHPSESSID cookie, it will send one, and if it does, it will read the cookie, so that the same session can be maintained.

Okay now that we know how the session works, we can deduce that if we manually delete the file sess_rvag9m368vim7k8g4v7k2ank70 on the server side, then the session will be invalid. If the browser cookie is invalid, then the session will still be invalid.
In manual case:
On the server side, you can use
session_destroy() or session_unset()
　 to invalidate it.
On the browser side:
You can directly
?setcookie('PHPSESSID','',123);
Let the cookie expire, or another way, but it cannot expire immediately
? session_set_cookie_params($time);//The seconds on the current timestamp, such as 60, that is, let it expire after 60 seconds. Do not use the timestamp + the time you set.
The above mentioned are all about letting the session expire early, but is it possible to directly delay the session? In addition to modifying the configuration (session.gc_maxlifetime), the expiration time is set in session.gc_maxlifetime in php.ini. At this time, there is a probability that session.gc_probability /session.gc_divisor will be recycled. If this time is reached and the GC process is started, the GC will read the modification time (mtime) of the session file and find that it is greater than session.gc_maxlifetime after subtracting the current time, and delete it immediately. At this point, we understand how to maintain this session. It can only be maintained within session.gc_maxlifetime. A user must be accessing it. The session must be modified every time it is accessed. This way, the session will have more survival time than session.gc_maxlifetime. .
Also talk about session.cookie_lifetime, which sets the survival time of PHPSESSID in the browser. The default is 0. I found it to be normal under IE. The cookie will become invalid when the browser is restarted; it continues to exist under FF. You can use session_set_cookie_params to set session.cookie_lifetime,
?session_set_cookie_params(60);//60 s session_start();
session.gc_maxlifetime and session.cookie_lifetime jointly determine the lifetime of the session.
-------------------------------------------------- ----------------
I just looked for information on firefox cookie session expiration and found the following

This is apparently by design. Check out this Bugzilla bug: https: //bugzilla.mozilla.org/show_bug.cgi?id=443354

Firefox has a feature where you close Firefox and it offers to save all your tabs, and then you restore the browser and those tabs come back. That's called session restore. What I didn't realize is that it'll also restore all the session cookies for those pages too! It treats it like you had never closed the browser.

This makes sense in the sense that if your browser crashed you get right back to where you were, but is a little disconcerting for web devs used to session cookies getting cleared. I've got some old session cookies from months ago that were set by sites I always have open in tabs.

To test this out, close all the tabs in your browser, then close the browser and restart it. I think the session cookies for your site should clear in that case. Otherwise you'd have to turn off session restore.

This is the session saving function of Firefox, and this is how FF is designed. You can do this test by closing all the tabs in your browser, then close the browser and restart it to see if it is still saved.

http://www.bkjia.com/PHPjc/325182.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/325182.htmlTechArticleWhen the SESSION session is opened, a cookie that uniquely identifies the session_id of the browser will be sent first (the name is PHPSESSID and can be passed session_name() obtains), the same as session.save_handler = files...