1 Maintain user information in the website through SessionID
session_start();
$_SESSION['visits']++;
print'You have visited here '.$_SESSION['visits'].' times.
';
echo'session id = '.$_COOKIE['PHPSESSID'];
echo"
";
echo"session name = ".session_name()."
";
?>
SessionID is recorded in the global variable _COOKIE. The name of SessionID is PHPSESSID, and PHPSESSID can also be obtained through session_name().
2 Prevent Session Hijacking
ini_set('sessio.use_only_cookies', true);
session_start();
$salt = 'YourSpecialValueHere';
$tokenstr = date('W').$salt;
$token = md5($tokenstr);
echo'token = '.$token.'
';
if(!isset($_REQUEST['token']) || $_REQUEST['token'] != $token)
{
exit;
}
$_SESSION['token'] = $token;
output_add_rewrite_var('token', $token);
echo'link';
ob_flush();
output_reset_rewrite_vars();
?>
session_start();
output_add_rewrite_var('var', 'value');
echo'link';
ob_flush();
output_reset_rewrite_vars();
echo'link';
?>以上例程会输出:
<ahref="file.php?PHPSESSID=xxx&var=value">linka><ahref="file.php">linka>
3 Prevent Session Customization
ini_set('session.use_only_cookie', true);
session_start();
if(!isset($_SESSION['generated']) || $_SESSION['generated'] < (time() - 30))
{
session_regenerate_id();
$_SESSION['generated'] = time();
}
echo$_COOKIE['PHPSESSID']
The above has introduced 11 Session and data retention, including aspects of it. I hope it will be helpful to friends who are interested in PHP tutorials.