Home > Article > Backend Development > Detailed graphic and text explanation of invalid analysis data of php session
Session is a very important data storage variable in development. It can transfer values between different pages. Below we will introduce to you the problems encountered when using Session. There are some expired and invalid issues. Friends in need can refer to
Related topic recommendations: php session (including pictures, texts, videos, cases)
php Session invalid analysis
During the PHP development process, some friends may often encounter the problem that the files generated by the Session cannot be automatically cleared. In fact, this is not true. It cannot be cleared, but there is a probability problem. As long as the traffic of your site is large enough, those files can be automatically cleared. If the number of visits is relatively small and the files are not pleasing to the eye, you can realize the automatic clearing function of Session files by configuring it in php.ini. The specific configuration is as follows:
Find
session.gc_probability = 1
session.gc_pisor = 1000
The above two parameters are actually this probability. By default, it is 1/1000
Change session.gc_pisor = 1000 to session.gc_pisor = 100
If you want to achieve complete real-time, you can change this parameter to 1, so the probability is 100%
See how session works
Overview: Every PHP request has a 1/100 probability (default value) of triggering "session recycling". If "session recycling" occurs, the /tmp/sess_* files will be checked. If the last modification time exceeds 1440 seconds (the value of gc_maxlifetime), they will be deleted, which means that these sessions have expired.
1. How does session exist on the server side (usually Apache with PHP module)?
By default, php will save the session in the /tmp directory, and the file name will be like this: sess_01aab840166fd1dc253e3b4a3f0b8381. Each file corresponds to a session.
more /tmp/sess_01aab840166fd1dc253e3b4a3f0b8381 username|s:9:”jiangfeng”;admin|s:1:”0〃;
#Variable name|Type: length: value
Deleting the session file here means that the corresponding session is invalid.
2. How does session exist on the client side (usually the browser)?
session On the browser side, you only need to save the session ID (the unique ID generated by the server side). There are two ways to save it: in cookies and in URLs. If the session ID is saved in the cookie, you can see that there is a PHPSESID variable in the browser's cookie. If it is passed by URL, you can see the URL in the form:
index.php?PHPSESID=01aab840166fd1dc253e3b4a3f0b8381. (On the server side, use session.use_cookies to control which method is used)
3. On the server side, how does PHP determine whether the session file has expired?
If the "last modification time" to "now" exceeds gc_maxlifetime (default is 1440) seconds, this session file is considered expired. When the next session is recycled, if this file If it still has not been changed, the session file will be deleted (the session will expire).
Simply put, if I log in to a website and there is no operation within 1440 seconds (default value), then the corresponding session is considered to have expired.
So, modifying the gc_maxlifetime variable in the php.ini file can extend the session expiration time: (for example, we modify the expiration time to 86400 seconds)
session.gc_maxlifetime = 86400
Then, just restart your web service (usually apache).
Note: In php5, session expiration uses a recycling mechanism. The time set here is 86400 seconds. If the session has not been modified within 86400 seconds, it will not be deleted until the next "recycling".
4. When does session "recycling" occur?
By default, for every PHP request, there will be a 1/100 probability of recycling, so it may be simply understood as "one recycling occurs for every 100 PHP requests." This probability is controlled by the following parameters
#The probability is gc_probability/gc_pisor
session.gc_probability = 1
session.gc_pisor = 100
Note 1: Assume that in this case gc_maxlifetime=120, if a session file was last modified 120 seconds ago, then the session will still be valid before the next recycling (1/100 probability) occurs.
Note 2: If your session uses session.save_path to save the session elsewhere, the session recycling mechanism may not automatically process expired session files. At this time, you need to delete expired sessions manually (or crontab) regularly:
cd /path/to/sessions; find -cmin 24 | xargs rm
5. Some special cases
因为回收机制会检查文件的“最后修改时间”,所以如果某个会话是活跃的,但是session的内容没有改变过,那么对应的session文件也就没有改变过,回收机制会认为这是一个长时间没有活跃的session而将其删除。这是我们不愿看到的,可以通过增加如下的简单代码解决这个问题:
<?php if(!isset($_SESSION['last_access'])||(time()-$_SESSION['last_access'])>60) $_SESSION['last_access'] = time(); ?>
代码会每隔60秒,尝试修改修改一次session。
总结:如果想修改session过期时间,修改变量gc_maxlifetime就可以了。php5的session采用被动的回收机制(garbage collection)。过期的session文件不会自己消失,而是通过触发“回收”来处理过期的session。
我们下面来详细看看一些其它的设置session时间的问题
Session 过期时间参数
设定过期时间参数, 主要是设定 session.gc_maxlifetime 的参数即可, 再保险一点的设定, 就设定下面这两个参数.
ini_set('session.cookie_lifetime', 0); // 可用 print_r(session_get_cookie_params()); 观察 ini_set('session.gc_maxlifetime', 3600); // 可用 echo ini_get("session.gc_maxlifetime"); 观察
session_cookie_lifetime 设为 0 的话, 代表等到 browser 才把此 cookie 清掉.(session 和 browser cookie 是有相关的)
如果懒得想这些, 直接用下面的 function 就可以了
Session 过期时间程式
<?php function start_session($expire = 0) { if ($expire == 0) { $expire = ini_get('session.gc_maxlifetime'); } else { ini_set('session.gc_maxlifetime', $expire); } if (empty($_COOKIE['PHPSESSID'])) { session_set_cookie_params($expire); session_start(); } else { session_start(); setcookie('PHPSESSID', session_id(), time() + $expire); } } ?>
使用方式
于程式最上方加入: start_session(600); // 代表 600 秒后会过期 (取代原本 session_start())
如果要再延长过期时间, 只要再做修改即可.
但是有个问题要注意, 就是 PHP 的 session 预设是存成 file, 所以 /tmp 可能会因这样设定而爆掉(档案太多), 通常解法是把 session 存进 DB/memcache 中.
以上就是本文的全部内容,希望对大家的学习有所帮助。
相关推荐:
php及codeigniter使用session-cookie的方法详解
The above is the detailed content of Detailed graphic and text explanation of invalid analysis data of php session. For more information, please follow other related articles on the PHP Chinese website!