search
HomeBackend DevelopmentPHP TutorialPHP version--HTTP session cookie principle and application

PHP’s COOKIE

Cookie is a mechanism that stores data on the remote browser side to track and identify users.
PHP sends cookies in the header information of the http protocol, so the setcookie() function must be called before other information is output to the browser, which is similar to the restriction on the header() function.

--------------------------------------------- -------------------------------------------------- ----------------------------------

1. Set cookie:

a .You can use the setcookie() or setrawcookie() function to set cookies. It can also be set by sending http headers directly to the client.

eg:

Php code PHP version--HTTP session cookie principle and application

  1. $value = 'something from somewhere';
  2. setcookie( "TestCookie", $value); /* Simple cookie settings */
  3. setcookie("TestCookie", $value, time( )+3600); /* Validity period 1 hour */
  4. setcookie("TestCookie", $value, time()+3600, "/ ~rasmus/",
  5. ".example.com", 1); /* Valid directory /~rasmus, valid domain name example.com and all its subdomains */

Set multiple cookies Variables: setcookie('var[a]','value'); Use an array to represent variables, but do not use quotation marks for his subscripts. In this way, you can use $_COOKIE[‘var’][‘a’] to read the COOKIE variable.

b. Use header() to set cookies;

header("Set-Cookie: name=$value[;path=$path[;domain=xxx.com[ ;...]]");

eg:

Php code

PHP version--HTTP session cookie principle and application

  1. $value = 'something from somewhere';
  2. header("Set-Cookie:name=$value"); -------------------------------------------------- -------------------------------------------------- -------------
  3. 2. Read cookies:

You can read browser-side cookies directly using PHP's built-in super global variable $_COOKIE.

The cookie "TestCookie" is set in the above example, now let's read:

eg:

Php code

  1. print $_COOKIE['TestCookie'];

-------------------------------- -------------------------------------------------- -------------------------------------------------- --------

3.Delete cookie

Just set the valid time to be less than the current time, and set the value to empty. For example:

eg:

Php code PHP version--HTTP session cookie principle and application

  1. setcookie("name", " ", time()-1);

Use header() similar.

Note:

a.There is an error message when using setcookie(). It may be because there is output or space before calling setcookie(). It is also possible that your document was converted from another character set. On the other hand, the document may have a BOM signature (that is, adding some hidden BOM characters to the file content). The solution is to prevent this from happening in your document. You can also handle it a little bit by using the ob_start() function.

b.$_COOKIE is affected by magic_quotes_gpc and may be automatically escaped

c.When using it, it is necessary to test whether the user supports cookies

- -------------------------------------------------- -------------------------------------------------- ------------------------

4. Principle.

a. The server sends an http with the response Set-Cookie header, sets a cookie in the client (multiple cookies require multiple headers).

b. The client automatically sends an http cookie header to the server, and the server receives and reads it.
HTTP/1.x 200 OK
MT
                                Cache -Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                          use using using using ’ ’ s ’ s ’ s ‐   ‐ ‐ ‐ t , after receiving this line


Set-Cookie: TestCookie=something from somewhere; path=/

The browser will create a cookie file on the client’s disk and write in it:

TestCookie=something from somewhere;


This line is the result of us using setcookie('TestCookie','something from somewhere','/'); That is the result of using

header('Set-Cookie: TestCookie=something from somewhere; path=/');.


---------------------------------------- ---------Dividing line--------------------------------------- --------------------------------

PHP SESSION

session uses a cookie with an expiration time set to 0, and generates a unique identifier (a long string) called session ID synchronously on the server side. session file (you can define the saving type of the session yourself), associated with the user machine. The web application stores data related to these sessions and allows the data to be passed between pages with the user. Visitors to the website are assigned a unique identifier, a so-called SESSION ID. It is either stored in a cookie on the client side or passed via the URL. SESSION allows the user to register any number of variables and reserve them for each request. When a visitor accesses the website, PHP automatically (if session.auto_start is set to 1) or at the user's request (explicitly called by session_start() or session_register() Called implicitly) to check if a specific SESSION ID was sent in the request. If so, the previously saved environment is recreated.

The core concept of session is: extra data for jumping between web pages is saved on the server and identified by an ID. To maintain the session, the browser needs to bring this ID with each submission.

------------------------------------------------ -------------------------------------------------- ----------------------------------

There are two ways to pass session id:

a. Transmit the SESSION ID through cookies

Use session_start() to call the session. The server generates the session while generating the session file. ID hash value and session name with default value of PHPSESSID, and the variable sent to the client is (default is) PHPSESSID(session name), and the value is a 128-bit hash value. The server will interact with the client through this cookie. The value of the session variable is serialized internally by PHP and stored in a text file on the server machine. It interacts with the client's coolie whose variable name is PHPSESSID by default. That is, the server automatically sends the http header: header('Set-Cookie : session_name()=session_id(); path=/'); i.e. setcookie(session_name(),session_id());
When you jump to a new page from this page and call session_start(), PHP will check the server-side storage associated with the given ID session data, if not found, create a new data set.

b.Transmit session ID through URL

This method is only used when the user prohibits the use of cookies, because browser cookies are already universal, and for security reasons, they are not used. this method.
xxx, session can also be passed through POST value.

--------------------------------------------- -------------------------------------------------- ----------------------------------

If the client prohibits the use of cookies, you can use the following Method:

a. Set session.use_trans_sid = 1 in php.ini or turn on the --enable-trans-sid option when compiling to let PHP automatically pass the session id across pages.
b. Manually pass the value through the URL and pass the session id through the hidden form.
c. Save session_id in a file, database, etc., and call it manually during the cross-page process.

link: http://apps.hi.baidu.com/share/detail/41643457

session can also be used when cookies are disabled: session.use_cookies in
php.ini =1, change it to 0, the session will be saved on the server side, not the client's cookie.

You can view the server's session storage location through session.save_path

session usage:

eg:

Php code PHP version--HTTP session cookie principle and application

  1. // page1.php
  2. session_start();
  3. echo 'Welcome to page #1';
  4. /* Create session variable and assign value to session variable */
  5. $_SESSION ['favcolor'] = 'green' ;
  6. $_SESSION['time '] = time ();
  7. echo '< ;br />page 2';
  8. // If the client disables cookies
  9. echo '
    page 2'
  10. ;
  11. /*
  12. By default under php5.2.1, the SID will only have a value when the cookie is written. If the session The corresponding cookie already exists , then the SID will be (undefined) empty
  13. hp code
  14. // page2 .php
  15. session_start();
  16. print $_SESSION['animal'
]; //Print out a single session

PHP version--HTTP session cookie principle and application var_dump(

$_SESSION
    );
  1. //Print out the session value passed by page1.php
  2. Delete session:
  3. eg:Php code
session_dest roy(); //The first step: Delete the server-side session file , this uses

setcookie(session_name(),

'',time()-3600);

// Step 2: Delete the actual session:

$_SESSION

=

arrayPHP version--HTTP session cookie principle and application();

// Step 3: Delete $_SESSION global variable array
  1. ?>
  2. ------------------------ -------------------------------------------------- -------------------------------------------------- --

    A simple example:

    php code:

    Php code PHP version--HTTP session cookie principle and application

    1. session_start();
    2. if (isset($_SESSION['test_sess'])){
    3. $_SESSION['test_sess ']++;
    4. $_SESSION
    5. ['test_sess'
    6. ] = 0;
    7. } echo
    8. $_SESSION['test_sess' ; First request to server:
    9. GET /test.php HTTP/1.1
    10. Accept: */*
    11. Referer: http://localhost/ Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon; .NET CLR 1.1.4322) Host: localhost
    12. Connection: Keep-Alive
    13. Server No. Return once: HTTP/1.1 200 OK Date: Fri, 26 Aug 2005 07:44:22 GMT
    14. Server: Apache/2.0.54 (Win32) SVN/1.2.1 PHP / 5.0.4 DAV/2
    X-Powered-By: PHP/5.0.4 Set-Cookie: PHPSESSID=bmmc3mfc94ncdr15ujitjogma3; path=/

    Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control : no -store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache

    Content-Length: 1

    Keep-Alive: timeout=15, max=99 Connection: Keep -Alive Content-Type: text/html; charset=utf-8 Content-Language: Off

    Second request to the server:



    GET /test.php HTTP/1.1
    Accept: */*
    Referer: http://localhost/
    Accept-Language: zh-cn
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon; .NET CLR 1.1.4322)
    Host: localhost
    Connection: Keep-Alive
    Cookie: PHPSESSID=bmmc3mfc94ncdr15ujitjogma3

    Second server Returns:

    HTTP/1.1 200 OK
    Date: Fri, 26 Aug 2005 07:44:23 GMT
    Server: Apache/2.0.54 (Win32) SVN/1.2.1 PHP/5.0.4 DAV/2
    X- Powered-By: PHP/5.0.4
    Set-Cookie: PHPSESSID=bmmc3mfc94ncdr15ujitjogma3; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must- revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Length: 1
    Keep-Alive: timeout=15, max=98
    Connection: Keep-Alive
    Content-Type: text/ html; charset=utf-8
    Content-Language: OFF
    This The header will send a cookie information to the server, telling the server that I have a cookie named PHPSESSID and the content is bmmc3mfc94ncdr15ujitjogma3.
    Where did this cookie come from? Look at the information returned by the server for the first time:
    Set-Cookie: PHPSESSID=bmmc3mfc94ncdr15ujitjogma3; path=/

    This is the server writing a cookie to the client browser. The name is PHPSESSID and the value is bmmc3mfc94ncdr15ujitjogma3. This value is actually the so-called session_id.

    Continue to look at the second request to the server, and the cookie PHPSESSID is still sent to the server The following conclusions can be drawn: 1. As long as the session is used, the session will be sent to the client browser through the cookie

    2. Every time a request is made to the server, the local browser will attach the cookie to the request information. Sending session

    In fact, session is a completely abstract concept. What session really does is, in addition to the parameters provided by http and post, is to target a user (maybe a browser, or a computer, or even It is an IP) that can save additional information. If we don't use the session provided by the system, we can also transfer data. For example, the data we originally want to store in the session can be serialized and then encrypted to form a string and passed in all URLs and forms on the page. After the server receives the page request, it takes out the secret string from get or post, uncovers it, and restores the data. This is actually the same thing as the session. It's just that this method is super bt, and it requires too much extra work to implement. From a technical point of view, session is to name the additional data to be stored between web page links with an ID and save it on the server side. The browser only needs to provide the appropriate ID for each get or post. Can obtain previously stored data. PHP uses files to save data by default. Under Unix, PHP will generally create a file name like "sess_"+$session_id under /tmp. Through this name, you can directly find the data corresponding to session_id. Therefore, the most core concept of session is: additional data for jumping between web pages is stored on the server and identified with an ID. To maintain the session, the browser needs to bring this ID with each submission.
    How can the browser bring this ID with every request? The stupid way is of course to add an ID parameter to each URL link or form post. Some webmails actually do this. Of course, the easier way is to save it through cookies. But there is still a problem with the cookie solution. What to do if the browser does not support cookies? This is also stated above. The above session is the session function provided by php4 and 5. You must know that the system did not provide the session function before php4! And many cgi programs are completely self-implemented sessions. For sessions provided by php(4,5), the system will use cookies to save session_id by default. In my previous project, users all used the web on the intranet. In order to facilitate management, the browser IP is directly tied to a session, that is, the browser IP address is used instead of the sessionid. There is no cookie in this solution, but it is still a session, because it does not fall outside the definition of session.







    Every time a request is made to the server, the local browser will attach the cookie to the request information
    In fact, it has nothing to do with the session, it is just about how cookies work in the http protocol. This cookie is written by the session_start() function. We can also write the cookie arbitrarily. As long as it is written and the validity period has not expired, the browser can send it.

    The above introduces the PHP version - HTTP session cookie principle and application, including the relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
The Continued Use of PHP: Reasons for Its EnduranceThe Continued Use of PHP: Reasons for Its EnduranceApr 19, 2025 am 12:23 AM

What’s still popular is the ease of use, flexibility and a strong ecosystem. 1) Ease of use and simple syntax make it the first choice for beginners. 2) Closely integrated with web development, excellent interaction with HTTP requests and database. 3) The huge ecosystem provides a wealth of tools and libraries. 4) Active community and open source nature adapts them to new needs and technology trends.

PHP and Python: Exploring Their Similarities and DifferencesPHP and Python: Exploring Their Similarities and DifferencesApr 19, 2025 am 12:21 AM

PHP and Python are both high-level programming languages ​​that are widely used in web development, data processing and automation tasks. 1.PHP is often used to build dynamic websites and content management systems, while Python is often used to build web frameworks and data science. 2.PHP uses echo to output content, Python uses print. 3. Both support object-oriented programming, but the syntax and keywords are different. 4. PHP supports weak type conversion, while Python is more stringent. 5. PHP performance optimization includes using OPcache and asynchronous programming, while Python uses cProfile and asynchronous programming.

PHP and Python: Different Paradigms ExplainedPHP and Python: Different Paradigms ExplainedApr 18, 2025 am 12:26 AM

PHP is mainly procedural programming, but also supports object-oriented programming (OOP); Python supports a variety of paradigms, including OOP, functional and procedural programming. PHP is suitable for web development, and Python is suitable for a variety of applications such as data analysis and machine learning.

PHP and Python: A Deep Dive into Their HistoryPHP and Python: A Deep Dive into Their HistoryApr 18, 2025 am 12:25 AM

PHP originated in 1994 and was developed by RasmusLerdorf. It was originally used to track website visitors and gradually evolved into a server-side scripting language and was widely used in web development. Python was developed by Guidovan Rossum in the late 1980s and was first released in 1991. It emphasizes code readability and simplicity, and is suitable for scientific computing, data analysis and other fields.

Choosing Between PHP and Python: A GuideChoosing Between PHP and Python: A GuideApr 18, 2025 am 12:24 AM

PHP is suitable for web development and rapid prototyping, and Python is suitable for data science and machine learning. 1.PHP is used for dynamic web development, with simple syntax and suitable for rapid development. 2. Python has concise syntax, is suitable for multiple fields, and has a strong library ecosystem.

PHP and Frameworks: Modernizing the LanguagePHP and Frameworks: Modernizing the LanguageApr 18, 2025 am 12:14 AM

PHP remains important in the modernization process because it supports a large number of websites and applications and adapts to development needs through frameworks. 1.PHP7 improves performance and introduces new features. 2. Modern frameworks such as Laravel, Symfony and CodeIgniter simplify development and improve code quality. 3. Performance optimization and best practices further improve application efficiency.

PHP's Impact: Web Development and BeyondPHP's Impact: Web Development and BeyondApr 18, 2025 am 12:10 AM

PHPhassignificantlyimpactedwebdevelopmentandextendsbeyondit.1)ItpowersmajorplatformslikeWordPressandexcelsindatabaseinteractions.2)PHP'sadaptabilityallowsittoscaleforlargeapplicationsusingframeworkslikeLaravel.3)Beyondweb,PHPisusedincommand-linescrip

How does PHP type hinting work, including scalar types, return types, union types, and nullable types?How does PHP type hinting work, including scalar types, return types, union types, and nullable types?Apr 17, 2025 am 12:25 AM

PHP type prompts to improve code quality and readability. 1) Scalar type tips: Since PHP7.0, basic data types are allowed to be specified in function parameters, such as int, float, etc. 2) Return type prompt: Ensure the consistency of the function return value type. 3) Union type prompt: Since PHP8.0, multiple types are allowed to be specified in function parameters or return values. 4) Nullable type prompt: Allows to include null values ​​and handle functions that may return null values.

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Dreamweaver Mac version

Dreamweaver Mac version

Visual web development tools

WebStorm Mac version

WebStorm Mac version

Useful JavaScript development tools

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment