Sharing the solution ideas and implementation methods of session never expiring in PHP_PHP Tutorial

We developed a system in the early stage that only the company's customer service personnel can use - a limited number of customer service personnel. It was these limited customer service staff who suddenly raised this question a few days ago: every very short period of time (half an hour without operating the page), when we were anxious to solve the customer's problem, the system prompted that we needed to log in, which was delayed. Customer's time... This is very unpleasant!

Customer is God, the only God. So the boss asked us to realize that the session in PHP never expires, unless our customer service staff artificially lets it expire. I don't understand this never-expiration behavior for security reasons; I really don't want to modify the previous program for laziness reasons. But there is no way, I still need to change.

The best way is not to modify the program, because if you modify the program, the testing department will be very depressed like me. Then you can only modify the system environment configuration. In fact, it is very simple. Open the php.ini setting file and modify The three lines are as follows:

1. session.use_cookies
Set this value to 1 and use cookies to pass sessionid
2. session.cookie_lifetime
This represents the SessionID stored in the client cookie The time, the default is 0, which means that the SessionID will be invalidated as soon as the browser closes... It is because of this that the PHP session cannot be used permanently! So let's set it to a number that we think is very big, how about 999999999, that's ok! that's all.
3. session.gc_maxlifetime
This is the time that the Session data is stored on the server side. If it exceeds this time, the Session data will be automatically deleted! Then we also set it to 99999999.
That's it, everything is ok. Of course, if you don't believe it, just test it and see - set up a session and come back after 10 days and a half. If your computer does not lose power or crash, you will still You can see this sessionid.
Of course, it is also possible that you do not have permission to control the server and are not as lucky as me to be able to modify the php.ini settings. We have a way to rely on ourselves. Of course, we must use the client to store cookies, and get the sessionID Store it in the client's cookie, set the value of this cookie, and then pass this value to the session_id() function. The specific method is as follows:

Copy code Code As follows:

session_start(); // Start Session
$_SESSION['count']; // Register Session variable Count
isset($PHPSESSID )?session_id($PHPSESSID):$PHPSESSID = session_id();
// If $PHPSESSID is set, assign SessionID to $PHPSESSID, otherwise generate SessionID
$_SESSION['count']++; // Increase variable count by 1
setcookie('PHPSESSID', $PHPSESSID, time()+3156000); // Store SessionID in Cookie
echo $count; // Display the value of Session variable count
?>

If you come back to refresh this page after a long time (how long? You can see for yourself) and the output number is 1 larger than when you left, then that’s right! If it is much larger, It is estimated that someone touched your computer. This test is not accurate. Haha... go out for a while!
Note: The 'PHPSESSID' in the setcookie line is not certain. If you encounter someone with The network administrator who is crazy about modification may have modified it. The best way is to use the phpinfo() function to check and confirm the value of the session.name item, which is more scientific.

http://www.bkjia.com/PHPjc/323118.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/323118.htmlTechArticleWe developed a system in the early stage that can only be used by the company's customer service personnel - a limited number of customer service personnel. It was these limited customer service staff who suddenly raised such a question a few days ago...