
11 Session and data retention

WBOY
2016-07-29 08:55:24

1 Maintain user information in the website through SessionID

<code><?php
session_start();
// Initialise the counter on the first visit to avoid an undefined-index notice.
if (!isset($_SESSION['visits'])) {
    $_SESSION['visits'] = 0;
}
$_SESSION['visits']++;
print 'You have visited here ' . $_SESSION['visits'] . ' times.<br>';
// The cookie is absent on the very first request, so fall back to session_id().
$sid = isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : session_id();
echo 'session id = ' . htmlspecialchars($sid);
echo "<br>";
echo "session name = " . session_name() . "<br>";
?></code>

The session ID is stored in the superglobal $_COOKIE. The name of the session cookie is PHPSESSID, and this name can also be obtained through session_name().

2 Prevent Session Hijacking

<code><?php
// Accept the session ID from cookies only, never from the URL.
ini_set('session.use_only_cookies', true);
session_start();
$salt = 'YourSpecialValueHere';
// The token is derived from the ISO week number plus a secret salt, so it changes weekly.
$tokenstr = date('W') . $salt;
$token = md5($tokenstr);
echo 'token = ' . $token . '<br>';

// Reject the request unless it carries the expected token.
// hash_equals() avoids PHP's loose string comparison.
if (!isset($_REQUEST['token']) || !is_string($_REQUEST['token']) || !hash_equals($token, $_REQUEST['token']))
{
    exit;
}
$_SESSION['token'] = $token;
// Append token=... to every relative link in the buffered output.
output_add_rewrite_var('token', $token);
echo '<a href="test.php">link</a>';
ob_flush();
output_reset_rewrite_vars();
?></code>
<code><?php
session_start();
output_add_rewrite_var('var', 'value');

// This link is flushed while the rewrite variable is active.
echo '<a href="file.php">link</a>';
ob_flush();

// After the reset, links are no longer rewritten.
output_reset_rewrite_vars();
echo '<a href="file.php">link</a>';
?></code>

The above example will output:

<code><a href="file.php?PHPSESSID=xxx&var=value">link</a><a href="file.php">link</a></code>

3 Prevent Session Fixation

  • Do not pass the session identifier in the URL; carry it only in the session cookie.
  • Generate a new session ID frequently.

<code><?php
// Accept the session ID from cookies only, never from the URL.
ini_set('session.use_only_cookies', true);
session_start();
// Issue a new session ID if the current one is more than 30 seconds old.
if (!isset($_SESSION['generated']) || $_SESSION['generated'] < (time() - 30))
{
    session_regenerate_id();
    $_SESSION['generated'] = time();
}
// The cookie is absent on the first request, so fall back to session_id().
echo isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : session_id();
?></code>
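
The two measures in this section, combined into one session bootstrap as an added example (not code from the original article). It goes beyond the listing above by also enabling strict mode, setting cookie flags and rotating the ID at login. The function names start_hardened_session() and on_login() are hypothetical, and the code assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example: cookie-only sessions plus periodic and login-time ID rotation.

function start_hardened_session(int $rotateAfter = 30): void
{
    // Accept session IDs from cookies only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse IDs the server did not issue, so a planted ID is replaced.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,     // assumption: HTTPS only
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    // Same rule as the article: rotate when the ID is older than $rotateAfter seconds.
    $now = time();
    if (!isset($_SESSION['generated']) || $_SESSION['generated'] < $now - $rotateAfter) {
        session_regenerate_id();
        $_SESSION['generated'] = $now;
    }
}

function on_login(string $userId): void
{
    // Privilege change: issue a fresh ID and delete the old session data,
    // so an ID fixed before login cannot be used afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $userId;
    $_SESSION['generated'] = time();
}

start_hardened_session();
// Constructed sample value; call on_login() only after credentials are verified.
on_login('alice');
echo 'session id = ' . htmlspecialchars(session_id());
```

The ini_set() and session_set_cookie_params() calls must run before session_start() and before any output is sent.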