Introduction to session control in PHP interviews

This article brings you an introduction to session control in PHP interviews. It has certain reference value. Friends in need can refer to it. I hope it will be helpful to you.

1. Session

PHP session is also called Session. When PHP operates Session, the server will assign a SessionID to the client when the user logs in or visits some initial pages. SessionID is an encrypted random number that is saved on the client during the life cycle of the Session. It can be stored in a cookie on the user's machine or transmitted across the network via a URL.

Users can register some special variables through SessionID, called session variables, and the data of these variables are saved on the server side. In a specific website connection, if the client can find the SessionID through Cookie or URL, then the server can access the session variable saved on the server side based on the SessionID passed by the client.

The life cycle of Session is only valid within a specific website connection. When the browser is closed, Session will automatically expire, and previously registered session variables can no longer be used. The specific usage steps are as follows:

1) Initialize the session. The session must be initialized before implementing the session function. Use the session_start() function to initialize the session.

bool session_start(void)

This function will check whether the SessionID exists, if not, create one and be able to access it using the predefined array $_SESSION. If the session is successfully started, the function returns TRUE, otherwise it returns FALSE. After the session is started, the session variables that have been registered for the session can be loaded for use.
2) Register session variables. Since PHP 4.1, session variables are stored in the predefined array $_SESSION, so you can define a session variable by directly defining the array unit. The format is as follows:

$_SESSION["键名"]="值";

After the session variable is defined, it is recorded in the server , and the value of this variable is tracked until the session ends or the variable is manually logged out.
3) Access session variables. To access session variables in a script, first start a session using the session_start() function. You can then access the variable using the $_SESSION array.
4) Destroy session variables. After the session variables are used, delete the registered session variables to reduce the occupation of server resources. To delete session variables, use the unset() function. The syntax format is as follows:

void unset(mixed $var [, mixed $var [, $... ]])

Description: $var is the variable to be destroyed, and one or more variables can be destroyed. To destroy all session variables at once, use session_unset();.
5) Destroy the session. After using a session, log out the corresponding session variable, and then call the session_destroy() function to destroy the session. The syntax format is as follows:

bool session_destroy ( void )

This function will delete all data of the session, clear the SessionID, and close the session.

2. Cookie

Cookie can be used to store information such as user name, password, number of visits to the site, etc. When visiting a website, the cookie sends a small piece of information from the html web page to the browser and saves it on the client's computer in the form of a script.

Generally speaking, cookies are returned from the server to the browser through HTTP Headers. First, the server uses Set Cookie Header in the response to create a cookie. The browser then includes the created cookie in the request through the Cookie Header and returns it to the server to complete the browser verification.

Cookie technology has many limitations, such as:
1) When multiple people share a computer, cookie data is easily leaked.
2) The cookie information stored by a site is limited.
3) Some browsers do not support Cookies.
4) Users can disable cookies by setting browser options.
It is precisely because of the above limitations of cookies that when performing session management, SessionID is usually saved in two ways: Cookie and URL, instead of only being saved in Cookie.

Specifically, the steps to use Cookie are as follows:
1) Create Cookie. Use the setcookie() function to create a cookie in PHP. The syntax format is as follows:

bool setcookie(string $name [, string $value [, int $expire [, string $path [, string $domain [, bool $secure [, bool $httponly ]]]]]])

① $name: Indicates the name of the cookie.
② $value: Indicates the value of the cookie. This value is saved on the client, so do not save sensitive data.
③ $expire: Indicates the time when the cookie expires. This is a UNIX timestamp, which is the number of seconds since the UNIX epoch. The setting of $expire is generally determined by the current timestamp plus the corresponding number of seconds. For example, time() 1200 means that the cookie will expire after 20 minutes. If not set, the cookie will expire after the browser is closed.
④ $path: Indicates the effective path of the cookie on the server. The default value is the current directory where the cookie is set.
⑤ $domain: Indicates the valid domain name of the cookie on the server. For example, to make the cookie valid in all subdomains under the example.com domain name, this parameter should be set to ".example.com".

2) Access Cookie. Cookies created through the setcookie() function are stored in the predefined variable $_COOKIE as units of an array. In other words, cookies can also be created by directly assigning values ​​to the $_COOKIE array unit. However, the cookies created by the $_COOKIE array will expire after the session ends.

3）删除Cookie。Cookie在创建时指定了一个过期时间，如果到了过期时间，那么Cookie将自动被删除。在PHP中没有专门删除Cookie的函数。如果为了安全方面的考虑，在Cookie过期之前就想删除Cookie，那么可以使用setcookie()函数或$_COOKIE数组将已知Cookie的值设为空。
示例代码如下：

<?php
    $_COOKIE["user"]="administrator";
    setcookie("password","123456",time()+3600);
    $_COOKIE["user"]="";                    //使用$_COOKIE清除Cookie
    setcookie("password","");                //使用setcookie()函数清除Cookie
    print_r($_COOKIE);                    //输出：Array ( [user] => )
?>

Cookie和Session都是用来实现会话机制的，由于HTTP协议是无状态的，所以要想跟踪一个用户在同一个网站之间不同页面的状态，需要有一个机制，称为会话机制。

The above is the detailed content of Introduction to session control in PHP interviews. For more information, please follow other related articles on the PHP Chinese website!