Home> System Tutorial> LINUX> body text

Understand the session garbage collection mechanism in php

王林
Release: 2024-08-08 09:08:11
Original
190 people have browsed it
1. Session generation mechanism in php

Let’s first analyze how a session is generated in PHP. The purpose of designing session is to maintain various states of each user to make up for the shortcomings of the HTTP protocol (stateless). We now have a question. We all know that session is saved on the server. Since it is used to maintain the status of each user, what does it use to distinguish users? At this time, you have to use cookies. When we call session_start(); in the code, PHP will generate a file each to the SESSION storage directory (default is /tmp/) and the client's cookie directory. The session file name is like this:

Understand the session garbage collection mechanism in php

The format is sess_{SESSIONID}. At this time, there is no content in the session file. When we added these two lines of code in session_start();:

Copy the codeThe code is as follows:
$_SESSION['name'] = 'wanchun0222';$_SESSION['blog'] = 'coderbolg.net'; 这时文件就有内容了:
Copy after login
Copy the codeThe code is as follows:
name|s:11:"wanchun0222";blog|s:13:"coderbolg.net";
Copy after login

Look at the cookie again now:

Understand the session garbage collection mechanism in php

You can see that the server automatically generated a cookie for us. The cookie name is "PHPSESSID" and the cookie content is a string of characters. In fact, this string of characters is{SESSIONID}. Maybe you already understand that when we use session, PHP first generates a unique SESSIONID number (such as2bd170b3f86523f1b1b60b55ffde0f66), and then generates a file in the default directory of our server with the file namesess_{SESSIONID}, At the same time, a cookie is generated on the current user's client side, the content has already been mentioned. In this way, PHP will generate a SESSIONID for each user, which means one session file for each user. The first time PHP uses a session for a user, it writes a cookie to the client. When the user visits in the future, the browser will bring this cookie. After getting the cookie, PHP reads out the SESSIONID inside and holds this SESSIONID goes to the session directory to find the session file. After finding it, it will be displayed when calling$_SESSION['blog'].

2. Session expiration recycling mechanism in php

We understand the generation and working principle of session, and find that there will be many session files in the session directory. Of course, these files must not exist forever, and PHP must provide an expired recycling mechanism. In php.inisession.gc_maxlifetimesets the lifetime for the session (default is 1440s). If the last update time of the session file exceeds the survival time, the session file is considered expired. It will be deleted the next time the session is recycled. When will the next session be recycled? This is related to the number of php requests. In the internal mechanism of PHP, when php is requested N times, the recycling mechanism will be triggered once. How many times a request is triggered is controlled by the following two parameters:

Copy the codeThe code is as follows:
session.gc_probability = 1session.gc_divisor = 100
Copy after login

这是php.ini的默认设置,意思是每100次PHP请求就有一次回收发生。概率是gc_probability/gc_divisor。我们了解了服务器端的session过期机制,再来看看客户端的cookie的过期机制。

如果cookie失效了浏览器自然发送不了cookie到服务器,这时即使服务器的session文件存在也没用,因为PHP不知道要读取哪个session文件。我们知道PHP的cookie过期时间是在创建时设置的,那么PHP在创建session的同时为客户端创建的cookie的生命周期是多久呢?这个在php.ini中有设置:session.cookie_lifetime 。这个值默认是0,代表浏览器一关闭SESSIONID就失效。那就是说我们把session.gc_maxlifetime和session.cookie_lifetime设置成同一个值就可以控制session的失效时间了。

3、php中session的客户端存储机制

由上面的介绍我们可以知道,如果用户关闭了cookie,那我们的session就完全没法工作了。是的,确实是这样。php中session的客户端存储机制只有cookie吗?不是的。既然我们的SESSIONID 不能通过cookie传递到各个页面,那我们还有另一个法宝,就是通过页面GET传值的方式。

PHP可以在cookie被禁用时自动通过GET方式跨页传递SESSIONID,前提是设置php.ini的session.use_trans_sid为1。这时当我们在客户端禁用了cookie时使用了session,并在当前页面通过点击链接到另一页面时,PHP会自动在链接上添加SESSIONID参数,像这样:nextpage.php?SESSIONID=2bd170b3f86523f1b1b60b55ffde0f66。我想你应该看到了这种方式的缺点:好像不够安全啊。

The above is the detailed content of Understand the session garbage collection mechanism in php. For more information, please follow other related articles on the PHP Chinese website!

source:linuxprobe.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!