Analysis of PHP's SESSION mechanism

The default mechanism uses disk files to implement PHP sessions. php.ini configuration: session.save_handler = files

1, session_start()

A. session_start() is the beginning of the session mechanism. It has a certain probability of starting garbage collection because the session is stored In the file,

PHP's own garbage collection is invalid, and SESSION's recycling requires deleting the file. This probability is determined based on the configuration of php.ini,

But some systems It is session.gc_probability =0, which means that the probability is 0, but garbage collection is implemented through the cron script.

session.gc_probability =1 session.gc_divisor =1000 session.gc_maxlifetime =1440//过期时间 默认24分钟 //概率是 session.gc_probability/session.gc_divisor 结果 1/1000, //不建议设置过小，因为session的垃圾回收，是需要检查每个文件是否过期的。 session.save_path =//好像不同的系统默认不一样，有一种设置是 “N;/path” //这是随机分级存储，这个样的话，垃圾回收将不起作用，需要自己写脚本

B. Session will determine whether there is currently $_COOKIE[session_name()];session_name() returns the COOKIE key value that saves session_id.

This value can be found from php.ini

session.name = PHPSESSID //默认值PHPSESSID

C. If it does not exist, a session_id will be generated, and then the generated session_id will be passed to the client as the value of COOKIE.

is equivalent to performing the following COOKIE operation. Note that this step is executed Without the setcookie() operation, COOKIE is sent in the header.

There is no output before this. PHP has another function session_regenerate_id(). If you use this function, there is no output before this.

setcookie(session_name(), session_id(), session.cookie_lifetime,//默认0 session.cookie_path,//默认’/’当前程序跟目录下都有效 session.cookie_domain,//默认为空 )

D. If it exists, then session_id =$_COOKIE[session_name];

Then go to the folder specified by session.save_path to find the file named 'SESS_'.session_id().

Read the content of the file, deserialize it, and then put it in $_SESSION

2. Assign a value to $_SESSION

For example, add a new value $_SESSION['test' ] ='blah'; Then this $_SESSION will only be maintained in memory. When the script execution ends,

write the value of $_SESSION to the folder specified by session_id, and then close the related resources. . At this stage, it is possible to perform operations to change the session_id,

such as destroying an old session_id and generating a new session_id. Half of it is used for custom session operations and role conversion,

For example, Drupal. Drupal's anonymous user has a SESSION. When it logs in, it needs to use a new session_id

if (isset($_COOKIE[session_name()])) { setcookie(session_name(),”,time() 42000,’/’);//旧session cookie过期 } session_regenerate_id();//这一步会生成新的session_id //session_id()返回的是新的值

The above is the detailed content of Analysis of PHP's SESSION mechanism. For more information, please follow other related articles on the PHP Chinese website!