Analysis on the method of using session-cookie in php and codeigniter

The following will bring you an article on how to use session-cookie with PHP and codeigniter (detailed explanation). The content is quite good, so I will share it with you now and give it as a reference.

1. Read and write cookies

##Native

setcookie('name','value',time)

Setup failed, not written to the browser normally, test failed, reason unknown

CI Framework

$this->input->set_cookie("views","test10",1000);
echo $_COOKIE["views"];//此方法获取值时，如果值不存在会报错，当然可以先用isset($_COOKIE["views"])判断一下

By helper

$this->load->helper('cookie');//这行放在view也是可以的，随便
set_cookie('views','test10',1000);
echo get_cookie('views');//此方法获取值如果获取不到，会返回空，不会报错

2. Read and write session

##Native session

Startup:

<?php
session_start();
?>

##Assignment:

$_SESSION['views'] = "test20";

Value:

echo "Session:". $_SESSION['views'];

Duration:

Session. When the browser is closed, the phpsession in the cookie will be cleared, and a

will be regenerated next time it is opened, although the server still saves the session. The expiration time of the session is set in php.ini, see another article

php (codeigniter) security considerations

CI framework session

Startup:

$this->load->library('session');//load必须在controller完成，当要使用session必须先load赋值：
$this->session->views = "test11";

Value:

echo "Session:". $_SESSION['views'];

Duration:

The client has a duration of 2 hours, when the server's session is deleted , because the client's session id is still valid, so when it is opened again, the server will create a session with the same session id as the client's. Of course, it does not matter whether to create a new id or an old id, because only the id has the same name. There is no data

Difference

>The two session names are different, one is called phpsession and the other is called ci_session

>Only one can be started, not both.

>The values ​​​​are the same.

>Do not mix the two, and you should give up the native altogether. The way

>The native phpsession can be accessed casually, and ci_session is httponly, which means that the native session may be attacked through xxs, and the cookie can be obtained through js

Exceptions

There is a situation like this:

At this time Ci_session already exists, because this ci_ is persistent

//session_start();//没有启动原生的session
//$this->load->library('session');//没有启动ci的session
$_SESSION['views'] = "test23";//直接用原生的方式进行赋值
echo "Session:". $_SESSION['views'];//可以正常取值出来"test23"

By checking the cookie, it is found that no native session exists, and it can only be a ci session, then Find this file in the server's session and find that the value is not written in. If session_start() is declared, it will go to the native mode, re-create a phpsession, and the value will be written in.

If nothing There is no declaration or assignment. If you take the value directly, an error will be reported. Because to use ci_session, you must load. If we don’t load, an error will be reported. Therefore, it is proved that when assigning value in the native way, it is equivalent to starting the session. , ci_session is enabled, but he does not have permission to write. This can be said to be a bug

How session works

The operation of cookies is relatively easy to understand. It is written to the user cookie, and whatever is written is read out. As long as it is a cookie on this site, it can be read out by key value.

The value of session exists on the server, but how do you know which user this value belongs to? By storing the session file name in the user cookie, the saved value is placed in a file with the same name on the server. Stealing cookies refers to stealing this. Important information is stored on the server, but if it is stolen, it will be over. Therefore, the session-key stored in the cookie cannot be trusted, and authentication should be performed.

Note,

When writing the session, writing the session-key to the user's cookie is automatically completed. This duration should be in the server's php Configured in .ini. The above is the entire content of this article. I hope it will be helpful to everyone's study. For more related content, please pay attention to the PHP Chinese website!

Related recommendations:

How to implement PHP CodeIgniter paging and multi-condition query

The above is the detailed content of Analysis on the method of using session-cookie in php and codeigniter. For more information, please follow other related articles on the PHP Chinese website!