This article mainly introduces the instance of adding session to redis, introduces the session in detail, and provides code examples. Friends in need can refer to the following
Session information into redis
Session Introduction
session, often translated as conversation in Chinese, its original meaning refers to a series of actions/messages that have a beginning and an end, such as picking up the phone when making a phone call The series of processes from dialing to hanging up can be called a session. Sometimes we can see words like "During a browser session,..." The word session here is used in its original meaning, which refers to the period from the opening to closing of a browser window①. The most confusing thing is the sentence "the user (client) during a session", which may refer to a series of actions of the user (generally a series of actions related to a specific purpose, such as from logging in to purchasing goods). The online shopping process from checkout to logout is sometimes called a transaction). However, sometimes it may just refer to a connection, or it may refer to meaning ①. The difference can only be inferred from the context ②.
In this article, the Chinese "browser session period" is used to express the meaning ①, the "session mechanism" is used to express the meaning ④, the "session" is used to express the meaning ⑤, and the specific "HttpSession" is used To express the meaning ⑥
Why should SESSION be saved in the cache
As far as php is concerned, the session supported by the language itself is in the form of a file Save to a disk file and save it in the specified folder. The saved path can be set in the configuration file or using the function session_save_path() in the program. However, there are drawbacks to this.
The first is to save to a file In the system, the efficiency is low. As long as the session is used, the specified sessionid will be searched from multiple files, which is very inefficient.
The second is that when multiple servers are used, the problem of session loss may occur (actually it is saved on other servers).
Of course, saving in the cache can solve the above problem. If you use PHP's own session function, you can use the session_set_save_handler() function to easily re-control the session processing process. If you don't use PHP's session series functions, you can write a similar session function yourself, which is also possible. This is the project I'm working on now. It will calculate the hash as the sessionId based on the user's mid and login time. Each time it is requested, The sessionId must be added to be legal (it is not needed when logging in for the first time, the sessionId will be created at this time and returned to the client). This is also very convenient, concise and efficient. Of course, what I am mainly talking about in this article is "manipulating things" in PHP's own SESSION.
SESSION is saved in the cache
php saves the cache to redis. You can use the configuration file to modify the processing and saving of the session. , of course, you can also use the ini_set() function to modify it in the program. This is very convenient for testing. I will use this method here. Of course, if it is a production environment, it is recommended to use the configuration file.
If you want to simply operate the session into redis, you can run the following code
<?php
ini_set("session.save_handler", "redis");
ini_set("session.save_path", "tcp://localhost:6379");
session_start();
header("Content-type:text/html;charset=utf-8");
if(isset($_SESSION['view'])){
$_SESSION['view'] = $_SESSION['view'] + 1;
}else{
$_SESSION['view'] = 1;
}
echo "【view】{$_SESSION['view']}";
//这里设置session.save_handler方式为redis,session.save_path为redis的地址和端口,设置之后刷新,再回头查看redis,会发现redis中的生成了sessionId,sessionId和浏览器请求的是一样的,
//也可以使用
Session_set_save_handler(‘open','close',' read',' write',' destory',' gc');
//用法如下自定义一个Redis_session类
<?php
class RedisSession{
private $_redis = array(
'handler' => null, //数据库连接句柄
'host' => null, //redis端口号
'port' => null,
);
public function __construct($array = array()){
isset($array['host'])?$array['host']:"false";
isset($array['port'])?$array['host']:"false";
$this->_redis = array_merge($this->_redis, $array);
}
public function begin(){
//设置session处理函数
session_set_save_handler(
array($this, 'open'),
array($this, 'close'),
array($this, 'read'),
array($this, 'write'),
array($this, 'destory'),
array($this, 'gc')
);
}
public function open(){
$redis = new Redis();
$redis->connect($this->_redis['host'], $this->_redis['port']);
if(!$redis){
return false;
}
$this->_redis['handler'] = $redis;
$this->gc(null);
return true;
}
//关
public function close(){
return $this->_redis['handler']->close();
}
//读
public function read($session_id){
return $this->_redis['handler']->get($session_id);
}
//写
public function write($sessionId, $sessionData){
return $this->_redis['handler']->set($sessionId, $sessionData);
}
public function destory($sessionId){
return $this->_redis['handler']->delete($sessionId) >= 1 ? true : false;
}
public function gc(){
//获取所有sessionid,让过期的释放掉
$this->_redis['handler']->keys("*");
return true;
}
}
$ses = new RedisSession(array('host'=>'127.0.0.1','port'=>'6379'));
$ses->begin();
session_start();
$_SESSION['name']='zhangsan';
echo $_SESSION['name'];
In this way, you can realize the session data such as the redis code execution process Redis must be installed in it.
The above is the entire content of this article. I hope it will be helpful to everyone's study. For more related content, please pay attention to the PHP Chinese website!
Related recommendations:
About the definition and usage of php htmlentities() function
About using openssl in PHP7.1 Introduction to replacing mcrypt
The above is the detailed content of About the implementation of adding redis to session. For more information, please follow other related articles on the PHP Chinese website!
How can you prevent session fixation attacks?Apr 28, 2025 am 12:25 AMEffective methods to prevent session fixed attacks include: 1. Regenerate the session ID after the user logs in; 2. Use a secure session ID generation algorithm; 3. Implement the session timeout mechanism; 4. Encrypt session data using HTTPS. These measures can ensure that the application is indestructible when facing session fixed attacks.
How do you implement sessionless authentication?Apr 28, 2025 am 12:24 AMImplementing session-free authentication can be achieved by using JSONWebTokens (JWT), a token-based authentication system where all necessary information is stored in the token without server-side session storage. 1) Use JWT to generate and verify tokens, 2) Ensure that HTTPS is used to prevent tokens from being intercepted, 3) Securely store tokens on the client side, 4) Verify tokens on the server side to prevent tampering, 5) Implement token revocation mechanisms, such as using short-term access tokens and long-term refresh tokens.
What are some common security risks associated with PHP sessions?Apr 28, 2025 am 12:24 AMThe security risks of PHP sessions mainly include session hijacking, session fixation, session prediction and session poisoning. 1. Session hijacking can be prevented by using HTTPS and protecting cookies. 2. Session fixation can be avoided by regenerating the session ID before the user logs in. 3. Session prediction needs to ensure the randomness and unpredictability of session IDs. 4. Session poisoning can be prevented by verifying and filtering session data.
How do you destroy a PHP session?Apr 28, 2025 am 12:16 AMTo destroy a PHP session, you need to start the session first, then clear the data and destroy the session file. 1. Use session_start() to start the session. 2. Use session_unset() to clear the session data. 3. Finally, use session_destroy() to destroy the session file to ensure data security and resource release.
How can you change the default session save path in PHP?Apr 28, 2025 am 12:12 AMHow to change the default session saving path of PHP? It can be achieved through the following steps: use session_save_path('/var/www/sessions');session_start(); in PHP scripts to set the session saving path. Set session.save_path="/var/www/sessions" in the php.ini file to change the session saving path globally. Use Memcached or Redis to store session data, such as ini_set('session.save_handler','memcached'); ini_set(
How do you modify data stored in a PHP session?Apr 27, 2025 am 12:23 AMTomodifydatainaPHPsession,startthesessionwithsession_start(),thenuse$_SESSIONtoset,modify,orremovevariables.1)Startthesession.2)Setormodifysessionvariablesusing$_SESSION.3)Removevariableswithunset().4)Clearallvariableswithsession_unset().5)Destroythe
Give an example of storing an array in a PHP session.Apr 27, 2025 am 12:20 AMArrays can be stored in PHP sessions. 1. Start the session and use session_start(). 2. Create an array and store it in $_SESSION. 3. Retrieve the array through $_SESSION. 4. Optimize session data to improve performance.
How does garbage collection work for PHP sessions?Apr 27, 2025 am 12:19 AMPHP session garbage collection is triggered through a probability mechanism to clean up expired session data. 1) Set the trigger probability and session life cycle in the configuration file; 2) You can use cron tasks to optimize high-load applications; 3) You need to balance the garbage collection frequency and performance to avoid data loss.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Chinese version
Chinese version, very easy to use
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
SublimeText3 Linux new version
SublimeText3 Linux latest version
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
