Home  >  Article  >  Backend Development  >  Detailed explanation of how to set session expiration time in php

Detailed explanation of how to set session expiration time in php

怪我咯
怪我咯Original
2017-07-05 09:48:343148browse

This article mainly introduces the method to accurately set the session expiration time in php. Friends who need it can refer to it

In most cases, we use the session expiration time. The default setting time, but for some cases with special requirements, we can set the session expiration time.

For this, you can set php.ini in PHP and find session.gc_maxlifetime = 1440 #(PHP5 defaults to 24 minutes)
Here you can set the expiration time at will. But some people say that after setting it up, it doesn’t seem to work!
In fact, it’s not that it doesn’t work, but because the system defaults:

session.gc_probability = 1
session.gc_pisor = 1000

garbage collection There is a probability, 1/1000 is session 1000 Only once was it recycled.
As long as your access volume is large, you can achieve the recycling effect.
Or you can also set the value of session.gc_pisor,
For example: session.gc_pisor = 1 , so that you can clearly see the effect of SESSION expiration.

The most commonly used setting is in the php program, as shown in the following example program:

<?php
if(!isset($_SESSION[&#39;last_access&#39;])||(time()-$_SESSION[&#39;last_access&#39;])>60)
$_SESSION[&#39;last_access&#39;] = time();
?>

That's it. Yes, if you want to set expired, you can also implement it in the program:

<?php
unset($_SESSION[&#39;last_access&#39;]);// 或 $_SESSION[&#39;last_access&#39;]=&#39;&#39;;
?>

session has an expiration mechanism:

session.gc_maxlifetime It turns out that session expiration is a small probability For events, use session.gc_probability and session.gc_pisor respectively to determine the probability of running gc in the session. The default values ​​of session.gc_probability and session.gc_pisor are 1 and 100 respectively. are the numerator and denominator respectively, so the probability of gc running in the session is 1%. If you modify these two values, it will reduce the efficiency of PHP. So this approach is wrong! !
Therefore, modifying the gc_maxlifetime variable in the php.ini file can extend the session expiration time: (for example, we modify the expiration time to 86400 seconds)
session.gc_maxlifetime = 86400
Then, restart you A web service (usually apache) will do.

When session "recycling" occurs:

By default, for every php request, there will be a 1/100 probability of recycling, so it may be simple Understood as "one recycling occurs every 100 php requests". This probability is controlled by the following parameters
#The probability is gc_probability/gc_pisor

session.gc_probability = 1
session.gc_pisor = 100

Note 1:Assume that in this case gc_maxlifetime=120, if a session file was last modified 120 seconds ago , then this session is still valid until the next recycling (1/100 probability) occurs.

Note 2: If your session uses session.save_path to save the session elsewhere, the session recycling mechanism may not automatically process expired session files. At this time, you need to delete expired sessions manually (or crontab) on a regular basis:

cd /path/to/sessions; find -cmin +24 | xargs rm

The session in PHP never expires

It is best not to modify the program method, because if you modify the program, the testing department will be very depressed, so you can only modify the system environment configuration. In fact, it is very simple. Open the php.ini setting file and modify the three lines as follows:

1. session.use_cookies

Set this value to 1 and use cookies to pass sessionid

2 and session.cookie_lifetime

. The time the SessionID is stored in the client cookie, the default is 0, which means that the SessionID will be invalidated as soon as the browser closes... It is because of this that the PHP session cannot be used permanently! So let's set it to a number we think is big, how about 999999999, that's ok! that's all.

3. session.gc_maxlifetime

This is the time that Session data is stored on the server side. If this time is exceeded, the Session data will be automatically deleted! So let's also set it to 99999999.

That's it, everything is ok. Of course, if you don't believe it, just test it and see - set up a session and come back after 10 days and a half to see if your computer is not powered off or down. , you can still see the sessionid.

Of course, it is also possible that you do not have the authority to control the server and are not as lucky as me to be able to modify the php.ini settings. We have ways to rely on ourselves. Of course, we must use the client to store cookies. The obtained sessionID is stored in the client's cookie, sets the value of this cookie, and then passes this value to the session_id() function. The specific method is as follows:

<?php
session_start(); // 启动Session 
$_SESSION[&#39;count&#39;]; // 注册Session变量Count 
isset($PHPSESSID)?session_id($PHPSESSID):$PHPSESSID = session_id(); 
// 如果设置了$PHPSESSID,就将SessionID赋值为$PHPSESSID,否则生成SessionID 
$_SESSION[&#39;count&#39;]++; // 变量count加1 
setcookie(&#39;PHPSESSID&#39;, $PHPSESSID, time()+3156000); // 储存SessionID到Cookie中 
echo $count; // 显示Session变量count的值 
?>

Session is not passed if it is invalid

我们先写个php文件:799cf9f93092039850bcc04dabf8d4fb, 传到服务器去看看服务器的参数配置。
转到session部分,看到session.use_trans_sid参数被设为了零。
这个参数指定了是否启用透明SID支持,即session是否随着URL传递。我个人的理解是,一旦这个参数被设为0,那么每个URL都会启一个session。这样后面页面就无法追踪得到前面一个页面的session,也就是我们所说的无法传递。两个页面在服务器端生成了两个session文件,且无关联。(此处精确原理有待确认)
所以一个办法是在配置文件php.ini里把session.use_trans_sid的值改成1。

当然我们知道,不是谁都有权限去改php的配置的,那么还有什么间接的解决办法呢?
下面就用两个实例来说明:
文件1 test1.php

<?php
//表明是使用用户ID为标识的session
session_id(SID);
//启动session
session_start();
//将session的name赋值为Havi
$_SESSION[&#39;name&#39;]="Havi";
//输出session,并设置超链接到第二页test2.php
echo "<a href="test2.php" rel="external nofollow" >".$_SESSION[&#39;name&#39;]."</a>";
?>

文件2: test2.php

<?php
表明是使用用户ID为标识的session
session_id(SID);
//启动session
session_start();
//输出test1.php中传递的session。
echo "This is ".$_SESSION[&#39;name&#39;];
?>

所以,重点是在session_start();前加上session_id(SID);,这样页面转换时,服务器使用的是用户保存在服务器session文件夹里的session,解决了传递的问题。
不过有朋友会反映说,这样一来,多个用户的session写在一个SID里了,那Session的价值就发挥不出来了。所以还有一招来解决此问题,不用加session_id(SID);前提是你对服务器的php.ini有配置的权限:
output_buffering改成ON,道理就不表了。
第二个可能的原因是对服务器保存session的文件夹没有读取的权限,还是回到phpinfo.php中,查看session保存的地址:

session.save_path: var/tmp

所以就是检查下var/tmp文件夹是否可写。
写一个文件:test3.php来测试一下:

<?php
echo var_dump(is_writeable(ini_get("session.save_path")));
?>

如果返回bool(false),证明文件夹写权限被限制了,那就换个文件夹咯,在你编写的网页里加入:

//设置当前目录下session子文件夹为session保存路径。
$sessSavePath = dirname(FILE).&#39;/session/&#39;;
//如果新路径可读可写(可通过FTP上变更文件夹属性为777实现),则让该路径生效。
if(is_writeable($sessSavePath) && is_readable($sessSavePath))
{
session_save_path($sessSavePath);
}

The above is the detailed content of Detailed explanation of how to set session expiration time in php. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn