1. Session_start() must be enabled on each page before session can be used in each page.
2. session_start() initializes the session. The first visit will generate a unique session ID and save it on the client (saved based on cookies). The next time the user visits, session_start() will check whether there is a session ID. If Some browsers will bring this session ID (passed by sending a header file, which can be seen with ff browser) to determine the client.
3. The session given to the cookie will save a session ID, session_id, on the client. This can be seen by printing the cookie. The key value of this session_id is session_name,
session_id() == $_COOKIE[session_name()]
4. If the client disables cookies, the session_id must be passed in the URL, which is the SESSION given to the URL
5. You cannot use unset($_SESSION) when logging out of a SESSION. You can use $_SESSION = array() or $_SESSION = null. The correct way to log out a session is as follows:
4 11 12 |
//Correct method to log out session: //1Open session session_start(); //2. Clear session information $_SESSION = array(); //3. Clear client sessionid if(isset($_COOKIE[session_name()])) { setCookie(session_name(),'',time()-3600,'/'); } //4. Completely destroy the session session_destroy(); |