PHP Session invalid analysis data collection

php Session invalid analysis

During the PHP development process, some friends may often encounter the problem that the files generated by the Session cannot be automatically cleared. In fact, it is not really impossible to clear, but there is a probability problem. As long as your site visits If it is large enough, those files can be automatically deleted. If the number of visits is relatively small and the files are not pleasing to the eye, you can realize the automatic clearing of Session files by configuring php.ini. The specific configuration is as follows:

Find

session.gc_probability = 1
session. gc_divisor = 1000

The above two parameters are actually this probability. By default it is 1/1000

Change session.gc_divisor = 1000 to session.gc_divisor = 100

If you want to achieve complete real-time, then You can change this parameter to 1, so that the probability is 100%

Let’s see how the session works

Overview: Every PHP request has a 1/100 probability (default value) of triggering "session recycling". If "session recycling" occurs, the /tmp/sess_* files will be checked. If the last modification time exceeds 1440 seconds (the value of gc_maxlifetime), they will be deleted, which means that these sessions have expired.

1. How does session exist on the server side (usually Apache with PHP module)?

By default, php will save the session in the /tmp directory, and the file name will be like this: sess_01aab840166fd1dc253e3b4a3f0b8381. Each file corresponds to a session.

more /tmp/sess_01aab840166fd1dc253e3b4a3f0b8381
username|s:9:”jiangfeng”;admin|s:1:”0〃;

#Variable name | Type: length: value

Deleting the session file here means that the corresponding session is invalid.

2. How does session exist on the client side (usually the browser)?

Session is on the browser side, you only need to save the session ID (the unique ID generated by the server side). There are two ways to save it: in cookies and in URLs. If the session ID is saved in the cookie, you can see that there is a PHPSESID variable in the browser's cookie. If it is passed by URL, you can see the URL in the form:
index.php?PHPSESID=01aab840166fd1dc253e3b4a3f0b8381. (On the server side, use session.use_cookies to control which method is used)

3. On the server side, how does PHP determine whether the session file has expired?

If the "last modification time" to "now" exceeds gc_maxlifetime (default is 1440) seconds, the session file is considered expired. During the next session recycling, if the file has not been changed, this The session file will be deleted (session will expire).
Simply put, if I log in to a website and there is no operation within 1440 seconds (default value), then the corresponding session is considered to have expired.
So, modify the gc_maxlifetime variable in the php.ini file to extend the session expiration time: (for example, we change the expiration time to 86400 seconds)

session.gc_maxlifetime = 86400

Then, restart your web service (usually apache) is fine.
Note: PHP5 uses a recycling mechanism when session expires. The time set here is 86400 seconds. If the session has not been modified within 86400 seconds, it will not be deleted until the next "recycling".

4. When does session "recycling" occur?

By default, for every php request, there will be a 1/100 probability of recycling, so it may be simply understood as "one recycling occurs for every 100 php requests". This probability is controlled by the following parameters
#The probability is gc_probability/gc_divisor

session.gc_probability = 1
session.gc_divisor = 100

Note 1: Assume that in this case gc_maxlifetime=120, if a session file is last modified time is 120 seconds ago, then the session is still valid until the next recycling (1/100 probability) occurs.
Note 2: If your session uses session.save_path to save the session elsewhere, the session recycling mechanism may not automatically process expired session files. At this time, you need to delete expired sessions manually (or crontab) regularly:

cd /path/to/sessions; find -cmin +24 | "Last modified time", so if a session is active but the content of the session has not changed, then the corresponding session file has not changed. The recycling mechanism will consider this to be a session that has not been active for a long time and delete it. . This is something we don’t want to see. We can solve this problem by adding the following simple code:

<?php
if(!isset($_SESSION[&#39;last_access&#39;])||(time()-$_SESSION[&#39;last_access&#39;])>60)
  $_SESSION[&#39;last_access&#39;] = time();
?>

The code will try to modify the session every 60 seconds.

Session expiration time parameters

To set the expiration time parameters, the main thing is to set the parameters of session.gc_maxlifetime. For a safer setting, just set Set the following two parameters.

ini_set('session.cookie_lifetime', 0); // 可用 print_r(session_get_cookie_params()); 观察
ini_set('session.gc_maxlifetime', 3600); // 可用 echo ini_get("session.gc_maxlifetime"); 观察

session_cookie_lifetime 设为 0 的话, 代表等到 browser 才把此 cookie 清掉.(session 和 browser cookie 是有相关的)

如果懒得想这些, 直接用下面的 function 就可以了

Session 过期时间程式

<?php
function start_session($expire = 0)
{
  if ($expire == 0) {
    $expire = ini_get(&#39;session.gc_maxlifetime&#39;);
  } else {
    ini_set(&#39;session.gc_maxlifetime&#39;, $expire);
  }
  if (empty($_COOKIE[&#39;PHPSESSID&#39;])) {
    session_set_cookie_params($expire);
    session_start();
  } else {
    session_start();
    setcookie(&#39;PHPSESSID&#39;, session_id(), time() + $expire);
  }
}
?>

使用方式

于程式最上方加入: start_session(600); // 代表 600 秒后会过期 (取代原本 session_start())
如果要再延长过期时间, 只要再做修改即可.

但是有个问题要注意, 就是 PHP 的 session 预设是存成 file, 所以 /tmp 可能会因这样设定而爆掉(档案太多), 通常解法是把 session 存进 DB/memcache 中.

感谢阅读，希望能帮助到大家，谢谢大家对本站的支持！

更多php Session无效分析资料整理相关文章请关注PHP中文网！