This PHP session topic covers PHP session concepts, basic function usage and PHP session use cases.
Official explanation: The session mechanism (Session) is used in PHP to maintain relevant data while a user makes successive requests to a web application, helping to build highly customized programs and increasing the attractiveness of the site.
To understand what a PHP session is, you must first understand what the session mechanism is.
HTTP is a connectionless network protocol; to the server, every visit is brand new.
If the server remembers the visitor and records the connection state, it can improve the user experience and support many personalized functions, such as user login and a shopping cart.
In fact, the way the server remembers the user is very simple. It works just like applying for a membership card in everyday life.
There are two places where the membership card can be kept: either on you, or saved on the merchant's computer.
In the same way, user information on the network is saved in two places: the browser (client) and the server.
What is saved in the browser is called a cookie.
What is saved on the server is called a session.
Extended knowledge: The difference between session and cookie in php
Session:
Saved on the server side
Variable: $_SESSION
Variable filter: filter_input(INPUT_SESSION, key)
Cookie:
Set using a dedicated function: setcookie(name, value, expiration time)
Takes effect in two steps: first the command is issued to the browser, and then the browser completes the cookie writing
1.session_create_id
Create a new session id
session_create_id ([ string $prefix ] ) : string
Parameters
prefix: If prefix is specified, the new session id will be prefixed by prefix. Not all characters are allowed in the session id. Characters in the range a-z A-Z 0-9 , (comma) and - (minus sign) are allowed.
Return value
Returns the new conflict-free session id of the current session. If it is used without an active session, conflict checking is ignored.
2.session_destroy
Destroy all data in a session
session_destroy ( void ) : bool
Return value
Returns TRUE on success, or FALSE on failure.
3.session_id
Get/Set the current session ID
session_id ([ string $id ] ) : string
Parameters
id: If the id parameter is specified, the specified value is used as the session ID. For this purpose, session_id() must be called before session_start(). Different session managers have different restrictions on the characters that can be used in session IDs. For example, the file session manager only allows the following characters in the session ID: a-z A-Z 0-9 , (comma) and - (minus sign)
Return value
Returns the current session ID. If there is no current session, an empty string ("") is returned.
4.session_name
Read/set session name
session_name ([ string $name ] ) : string
Parameters
name: The session name used in cookies and URLs, for example: PHPSESSID. Only letters and numbers can be used in the session name. It is recommended that it be as short as possible and that it be a meaningful name (for users who have enabled cookie warnings, this makes it easier to decide whether to allow the cookie). If the name parameter is specified, the current session will also use the specified value as its name.
Return value
Returns the current session name. If the name parameter is specified, this function updates the session name and returns the original session name.
5.session_start
Start a new session or reuse an existing one
session_start ([ array $options = array() ] ) : bool
Parameters
options: This parameter is an associative array whose items, if provided, override the corresponding session configuration directives. The keys in this array need not include the "session." prefix.
Return value
Returns TRUE if the session is successfully started, otherwise returns FALSE.
6.session_status
Return current session status
session_status ( void ) : int
Return value
PHP_SESSION_DISABLED The session is disabled.
PHP_SESSION_NONE Session is enabled, but the current session does not exist.
PHP_SESSION_ACTIVE The session is enabled and the current session exists.
7.session_unset
Release all session variables
session_unset ( void ) : void
1. Basic session operations
Commonly used basic operations of PHP Session
<?php
// Start the session
session_start();

// Set a session value
$_SESSION['username'] = 'adminuser';

// Get a session value
$username = $_SESSION['username'];

// Delete a session value
unset($_SESSION['username']);

// Clear all session variables
session_unset();
// or
$_SESSION = [];

// Destroy the session
session_destroy();
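The basic operations above clear the data held on the server but leave the session cookie in the browser. The following is an added example, not code from the original page, of a complete teardown built from the functions listed earlier; end_session() is a hypothetical helper name.

```php
<?php
/**
 * Hypothetical helper (added example): end the current session completely.
 * Call it before any output is sent, because it sets a cookie header.
 * Returns true when the server-side session data was destroyed.
 */
function end_session(): bool
{
    if (session_status() === PHP_SESSION_DISABLED) {
        return false;               // sessions are switched off entirely
    }
    if (session_status() === PHP_SESSION_NONE) {
        session_start();            // attach to the visitor's session so it can be destroyed
    }

    // 1. Drop every session variable from the running script.
    $_SESSION = [];

    // 2. Expire the cookie that carries the session id, reusing the
    //    parameters it was issued with so the browser matches and removes it.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $p['path'],
            $p['domain'],
            $p['secure'],
            $p['httponly']
        );
    }

    // 3. Remove the data stored on the server for this session id.
    return session_destroy();
}
```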
2. Solution to disabling cookies in the browser
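The difference between a cookie and a session is that a cookie is stored on the client, while a session is stored on the server. Both have lifetime settings, and a session is more secure than a cookie.
Once the server and the client have communicated and a session has been created, a unique session ID, PHPSESSID, is established with the browser. This id is kept on the server and is also stored on the client in the form of a cookie.
When cookies are disabled, the session cannot store the unique id on the client through a cookie. In that case PHP passes the phpsessionid in plaintext as a GET parameter in the URL shown in the browser address bar, so that the client and the server can still identify each other uniquely.
This greatly reduces the security of the program. For that reason php.ini by default disables passing the phpsessionid through the address bar; if it is not enabled the session cannot be used, so support has to be configured in php.ini.
session.use_only_cookies = 1 ; store the session id in cookies only (ids passed in the URL are honoured only when this is 0)
session.use_trans_sid = 1    ; allow the session id to be passed in plaintext in the URL; the default is 0 (off)
Or implement it in code: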
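<?php
/**
 * Compatibility for PHP versions below 7.1
 */
if (!function_exists('session_create_id')) {
    function session_create_id()
    {
        // uniqid() is time-based and guessable, so draw the id from a CSPRNG instead
        return bin2hex(function_exists('random_bytes')
            ? random_bytes(16)
            : openssl_random_pseudo_bytes(16));
    }
}

// Get the SESSION_ID from the URL; accept it only if it is a string made of
// the characters allowed in a session id, otherwise create a new one
$session_id = (isset($_GET['SESSION_ID'])
    && is_string($_GET['SESSION_ID'])
    && preg_match('/^[a-zA-Z0-9,-]+$/', $_GET['SESSION_ID']))
    ? $_GET['SESSION_ID']
    : session_create_id();

// Set the SESSION_ID (must be done before session_start())
session_id($session_id);

// Start the session
session_start();

$_SESSION['user'] = 'user01';
//echo $_SESSION['user'];
echo $session_id;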
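An id carried in the URL ends up in browser history, server logs and Referer headers, and its value is chosen by whoever builds the link, which is why the cookie-only setup is the safer default. The following is an added example, not code from the original page: start_cookie_only_session() and url_carries_session_id() are hypothetical names, cookie_secure assumes the site is served over HTTPS, and the sample query strings are constructed.

```php
<?php
/** Hypothetical helper: start a session whose id travels in a cookie only. */
function start_cookie_only_session(): bool
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;
    }
    // Keys are the php.ini session directives without the "session." prefix.
    return session_start([
        'use_only_cookies' => 1,  // never read the id from the URL
        'use_trans_sid'    => 0,  // never append the id to links
        'use_strict_mode'  => 1,  // refuse ids the server did not issue
        'cookie_httponly'  => 1,  // keep the cookie away from JavaScript
        'cookie_secure'    => 1,  // assumption: HTTPS only
    ]);
}

/** Hypothetical helper: true when a request tries to pass a session id in the URL. */
function url_carries_session_id(array $query, string $sessionName): bool
{
    // 'SESSION_ID' is the parameter used by the code above; $sessionName is
    // the name URL rewriting would use (PHPSESSID by default).
    return array_key_exists('SESSION_ID', $query)
        || array_key_exists($sessionName, $query);
}

if (PHP_SAPI === 'cli') {
    // Offline demonstration with constructed query strings,
    // parsed the same way PHP fills $_GET.
    parse_str('page=2&SESSION_ID=abc123', $withId);
    parse_str('page=2', $withoutId);
    var_dump(url_carries_session_id($withId, 'PHPSESSID'));
    var_dump(url_carries_session_id($withoutId, 'PHPSESSID'));
} else {
    // In a web request: record the attempt, then start the session
    // without ever looking at the URL-supplied value.
    if (url_carries_session_id($_GET, session_name())) {
        error_log('Session id supplied in URL was ignored (cookie-only sessions)');
    }
    start_cookie_only_session();
}
```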
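3. Page view counter
The session mechanism can be used to record how many times a user has visited a page. The code is as follows:
<?php
// Start the session
session_start();

// Check whether the view count has been set
if (isset($_SESSION['view_num'])) {
    // If it is set, increase the view count by 1
    $_SESSION['view_num'] = $_SESSION['view_num'] + 1;
} else {
    // If it is not set, set the view count to 1
    $_SESSION['view_num'] = 1;
}

// Message: "The current view count is: N"
die('当前浏览数为:' . $_SESSION['view_num']);
?>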
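4. Implementing login with a session
With cookies, if we want to verify whether a user is logged in, we have to store the username and password (possibly as an md5-encrypted string) in the cookie and verify them on every page request.
If the username and password are stored in a database, a database query has to be executed every time, which places extra load on the database, because we cannot verify just once. Why not?
Because the information in the client's cookie can be modified. Suppose you store a variable $admin to indicate whether the user is logged in: true means logged in, false means not logged in. After the first successful verification you store $admin = true in the cookie, so that no verification is needed next time. Is that right? No. If someone forges an $admin variable with the value true, they immediately obtain administrator privileges. This is very insecure.
A session is different. A session is stored on the server side, and a remote user cannot modify the contents of the session file, so we can simply store an $admin variable to decide whether the user is logged in: set $admin to true after the first successful verification, and afterwards check whether the value is true; if it is not, redirect to the login page. This saves a lot of database operations.
It also reduces the insecurity of transmitting the password on every request in order to verify the cookie (with session verification it only needs to be transmitted once, if you are not using the SSL security protocol). Even if the password is md5-encrypted, it is easily intercepted.
Of course, sessions have many other advantages, such as being easy to control and allowing user-defined storage (for example, storage in a database).
Below is a simple user login example: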
<?php
session_start();

// Check whether the user is already logged in
if (isset($_SESSION['login_user'])) {
    // Message: "Already logged in! Current user: ..."
    die('已登录!当前登录用户为:' . $_SESSION['login_user']);
}

// Check whether this is a POST request
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Check that a username was entered
    if (!isset($_POST['username']) || empty($_POST['username'])) {
        die('请输入用户名!');
    }
    // Check that a password was entered
    if (!isset($_POST['password']) || empty($_POST['password'])) {
        die('请输入密码!');
    }

    // Mock data; the password is kept as a salted password_hash() value
    // rather than an unsalted md5 digest
    $data = ['username' => 'user01', 'password' => password_hash('123456', PASSWORD_DEFAULT)];

    // Check that the username and the password are correct
    if ($_POST['username'] === $data['username']
        && is_string($_POST['password'])
        && password_verify($_POST['password'], $data['password'])) {
        // Issue a fresh session id on login, then save the login state
        session_regenerate_id(true);
        $_SESSION['login_user'] = $_POST['username'];
        // Message: "Login successful!"
        die('恭喜你登录成功!');
    }

    // Username or password is incorrect
    die('用户名或密码不正确!');
}
?>
<html>
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>用户登录</title>
</head>
<body>
<form action="./session02.php" method="post">
    <input type="text" name="username" placeholder="请输入用户名!">
    <input type="password" name="password" placeholder="请输入密码!">
    <button type="submit">登录</button>
</form>
</body>
</html>