What is URL.session id in PHP? What safety risks are there between them? What is the role of session id?

The previous article introduced you to "What is cookie.session? What is the difference between them? (Detailed introduction) ", this article continues to introduce to you what is URL and session id in PHP? What safety risks are there between them? This article will give you different gains. Let’s continue to explore the mysteries of PHP together! ! !

#What is a url?

URL is a Uniform Resource Locator, which is the address of a standard resource on the Internet. Every file on the Internet has a unique URL, which contains information indicating the location of the file and how the browser should handle it.

The basic URL includes: mode (or protocol), server name (or IP address/website), path and file name. The protocol part is separated by "//", such as "Protocol: // Authorization/path?query". Its general syntax format is: protocol :// hostname[:port] / path / [;parameters][?query]#fragmen.

What does "session_id()" in php mean?

session_id()
session_id() 存取目前 session 代号。

语法: string session_id(string [id]);

This function can obtain or reconfigure the codename of the currently stored Session. If there is no parameter id, it means that only the current Session code can be obtained. Adding the parameter means setting the Session code to the newly specified id. Input and return are both strings.

Why is the sessionid displayed on the page using url?

Put it on the server side and open the space ID stored in the client's cookie. If the client closes the cookie, the session cannot be used normally.

What is the use of SESSION?

Everyone has used the shopping cart when shopping online. You can add the products you choose to the shopping cart at any time, and finally go to the checkout counter to check out. During the entire process, the shopping cart has been playing the role of temporarily storing the selected products. It is used to track the user's activities on the website. This is the role of SESSION. It can be used for user identity authentication, program status recording, and between pages. Parameter passing, etc.

URL中session id的安全隐患：

通常浏览器在发送sessionid的时候,会将其放到http请求的header头中发送，

这种方式较安全,会受到浏览器的同源策略保护。也是浏览器发送sessionid的默认方式。

什么是浏览器的同源策略？

我们一般都是指域名，如果两次请求域名一样，我们就称之为是同源策略。

例如：我们发送两个网址

//url

url: www.php.cn/article/detail/3.html 

www.baidu.com/product/detail/6.html

上面两个网址，虽然都是一www开头，但是域名是不一样的，这就是我们所说的不同源。

另-种方式是把sessionid放到ur|中发送。这种方式的安全性较低。如果在

sessionid的生命周期内,黑客通过非常手段获取到该URL的sessionid ,那么黑

客就可以冒充该用户访问用户的系统。

对于环境配置，我们可以用代码进行配置，代码如下所示：

ini_set('session.use_cookies' ,0) ;
ini_set('session.use_only_cookies' ,0);
ini_set('session.use_trans_sid',1);
ini_set('session.name','sid');

session_start();
$_SESSION['user'] = array('uid'=>1,'name'=>'张三','age'=>18);
echo &#39;<a href="session_url.php?usesid=yes”>使用ur1传sessionid</a>&#39;;

推荐学习：《PHP视频教程》

The above is the detailed content of What is URL.session id in PHP? What safety risks are there between them? What is the role of session id?. For more information, please follow other related articles on the PHP Chinese website!