In-depth understanding of session control in php

Session control is a communication method that tracks users. The use of session control is mainly based on the following points: due to the stateless nature of the http protocol, the association between two requests cannot be established through the protocol; for ordinary pages For the data transfer methods between get and post, it mainly handles the transfer of parameters and the input of data. Simple data transfer between the two pages. For multiple pages on the website of a user, a variety of different data, there may be Different permissions lead to different pages, different operation methods, etc. Using get and post is very cumbersome.

1. Cookie method

## In order to track users, users must be marked, the idea of ​​​​cookies That is, when a user visits the first page of the website, by setting the user's information identifier, the web server stores it on the user's computer in the form of text files. These files are so-called cookies and are stored in key-value pairs. , when the user visits the second page of the website, he will access the server with the information in the cookie file through the http header information, and re-verify the user information just now, thus avoiding the need to enter the user every time he visits. Information can determine whether the visits between multiple pages are by the same user.

Function to set information to cookie: setcookie($key, $value, $expire, $path, $domain, $secure).

The parameters are: key, value, expiration time (UNIX timestamp, the default is 0, which means the cookie will disappear when the browser is closed), and the path to access the cookie. After setting, the script under this path on the server can Access cookies (the default is the root directory), the domain name for accessing cookies, only the website page under the domain name (such as www.example.com) can access cookies, and enable cookies whether it is an https secure connection.

For example, record some information after submitting the form through post

<?php    
if(isset($_POST)){        
$time = time();        
setcookie(&#39;user&#39;, $_POST[&#39;user&#39;], $time+3600);  // 时间参数需要比当前时间点大，以表示cookie信息的有效时间    
    setcookie(&#39;data&#39;, array(1,2,3), $time+1200);  // 可以存放各种数据 
    }

The deletion of cookies is still done through setcookie. It is best to write it in the form of advancing the time, or write a key name directly, such as in the user Perform this operation when clicking to exit

 　　setcookie('user', '', time()-200);  // 时间提前，相对当前时间    
 　　setcookie('user');  // 简写，只写键名

2. Session method

Session is similar to cookie, except that the information was originally stored on the client side, but now it is stored on the server side, but in The client generates an identification ID, which is saved in the user's local cookie by default, so the session is related to the cookie. In this way, when the user visits for the first time, the information is stored in the web server, and a fixed-length string (session id) is randomly assigned to the user. When the user visits other pages in the future, he will use this id to find the corresponding user data on the server. Information, so the user can be tracked. A session that uses cookies is called a cookie-based session.

But users can set their browsers to disable cookies (although this is generally not done). Some websites will force users to enable cookies after detecting that cookies are disabled, but there is a situation like this. In this case, the cookie-based method will not work. At this time, it can be passed in the get form with a session id attached to the URL. Of course, it can also be passed through http post.

Use of session

First, use session_start() to open a session. Note that for this type of network function, there is no output allowed in front of it, even if there is a space in front of the Then, register the session variable, that is, access user information or useful data. There is no need to use any function, just store it directly in $ _SESSION super global array, such as $_SESSION['user'] = $_POST[['user'], these data will be saved to a file on the server, or of course it may be in cache (memcache, redis).

When jumping to other pages, the session must be opened on other pages first, still using session_start(). If the session is already opened, this function returns the current session, if not, reopen it.

Finally, if the user exits or destroys the conversation for some reason, these variables must be logged out. Four steps:

1. Still open the session first, or when jumping to other pages, return to the existing session again, you need to ensure that there is no previous output

    session_start();   // 开启或返回一个会话

2. Clear it Related variables in the $_SESSION array

 unset($_SESSION['robert'])  // 销毁某一个变量  
  $_SESSION = array();  // 或者一次性全部销毁会话变量

3. Clear the cookies saved on the client, don’t forget that the session id is still on the user’s computer

 if(isset($_COOKIE[session_name()])){        
unset($_COOKIE[session_name()]);    // session_name()获取sesion的名，session id也是以名和值的形式存储的
    }

4. Completely destroy Information stored in the server

  session_destroy();

After four steps, a session ends.

3. The basic steps for using session control are as follows:

1) Start a session

　 Just call the session_start() function. For the specific functions of the function, please refer to the PHP documentation. It should be noted that this function must be called at the beginning of the script using the session. If not, all the information saved in the session will not be available in the script. In addition to manually calling the session_start() function, you can also automatically configure PHP to automatically call it. You can Google it.

　2) Register a session variable

　Since PHP4.1, session variables are stored in the super global array $_SESSION. To create a session variable, you only need to set an element in the array, such as $_SESSION['myvar'] = 5;

　3) Use a session variable

　It is very easy to use a session variable Simple, just use the $_SESSION array to access the saved session variables, such as echo $_SESSION['mywar']; will print out 5. Before using a session, you must first use the session_start() function to start a session.

4) Unregister variables and destroy sessions

To unregister variables, just use unset, such as unset($_SESSION['myvar']). If you want to destroy all session variables at once, you can use unset ($_SESSION); When you have finished using a session, you should first unregister all variables, and then call session_destroy() to clear the session ID.

The above is the detailed content of In-depth understanding of session control in php. For more information, please follow other related articles on the PHP Chinese website!