Posted a question on my Weibo today:
During interviews, I often ask a question: "How to set up a session that expires in 30 minutes?" Don't think it seems simple. It contains a lot of knowledge, and it is especially suitable for checking whether the basic skills are solid. Who Come and try to answer? Haha
Why do you ask this question?
1. I saw someone discussing this issue on stackoverflow
2. I remember I often ask this question, so~~
Here, let me answer this question.
First answer
Then, the most common answer is: Set the session expiration time, which is session.gc_maxlifetime. This answer is incorrect for the following reasons:
1. First of all, this PHP uses a certain probability to run the gc of the session, that is, session.gc_probability and session.gc_divisor (for introduction, please refer to the solution to a Permission denied Notice encountered by PHP using Session), this default The values are 1 and 100 respectively, which means there is a 1% chance that PHP will run Session gc when a Session starts. There is no guarantee that it will expire in 30 minutes.
2. What about setting a high-probability cleanup opportunity? Still inappropriate, why? Because PHP uses the modification time of the stat Session file to determine whether it has expired. If this probability is increased, firstly, it will reduce performance. Secondly, PHP Use "a" file to save Session variables related to a session. Suppose I set a Session variable with a=1 5 minutes ago, and set a Seesion variable with b=2 5 minutes later. Then the modification of this Session file The time is the time when moment b is added, then a cannot be cleared at 30 minutes. There is also the third reason below.
3. By default, PHP (Linux as an example) uses /tmp as the default storage directory of Session, and the manual also has the following description:
Note: If different scripts have different session.gc_maxlifetime values but share the same place to store session data, the script with the smallest value will clean up the data. In this case, use this directive together with session.save_path.
That is to say, if there are two applications that do not specify their own independent save_path, one sets the expiration time to 2 minutes (assumed to be A), and the other sets it to 30 minutes (assumed to be B), then each time A When the Session gc is running, the Session files belonging to application B will be deleted at the same time.
So, the first answer is not “completely strictly” correct.
The second answer
Another common answer is: Set the carrier of Session ID and the expiration time of Cookie, which is session.cookie_lifetime. This answer is also incorrect for the following reasons:
This expiration is just the Cookie expiration. In other words, let’s examine the difference between Cookie and Session. Session expiration is the expiration of the server, while Cookie expiration is guaranteed by the client (browser). Even if you set the Cookie expiration, this only It can ensure that the standard browser will not send this cookie (containing Session ID) when it expires, and if you construct a request, you can still use the value of this Session ID.
The third answer
Use memcache, redis, etc., okey, this answer is a correct answer. However, obviously the questioner will definitely ask you next, what if you just use PHP?
The fourth answer
Of course, the interview is not for you, but to test the thoroughness of your thinking. During the process, I will point out these pitfalls, so generally speaking, the approach that meets the meaning of the question is:
1. Set the cookie expiration time to 30 minutes, and set the Session lifetime to 30 minutes.
2. Add Time stamp to each Session value yourself.
3. Before each visit, determine the timestamp.
Finally, some students asked why we need to set an expiration time of 30 minutes: First of all, this is for interviews, and secondly, in actual use scenarios, such as coupons that expire in 30 minutes?
thanks :)
PHP session will expire (originally it is a session cookie, which means that if you close the browser, the session will expire). If you want to force the expiration, you can:
setcookie(session_name(),'' , time() - 3600);
session_destroy();
You can use both at the same time.
I hope it can help you. If you have any questions, please leave a message.
Try using session_cache_expire
Example 1. session_cache_expire() example
/* set the cache limiter to 'private' */
session_cache_limiter('private');
$cache_limiter = session_cache_limiter();
/* set the cache expire to 30 minutes */
session_cache_expire(30);
$ cache_expire = session_cache_expire();
/* start the session */
session_start();
echo "The cache limiter is now set to $cache_limiter br> ";
echo "The cached session pages expire after $cache_expire minutes";
?>